An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.
CPE | Name | Operator | Version |
---|---|---|---|
ubuntu_linux | eq | 18.04 | |
ubuntu_linux | eq | 14.04 | |
ubuntu_linux | eq | 16.04 | |
ubuntu_linux | eq | 12.04 | |
debian_linux | eq | 9.0 | |
fedora | eq | 31 | |
leap | eq | 15.1 | |
leap | eq | 15.2 | |
dbi | lt | 1.643 |
lists.opensuse.org/opensuse-security-announce/2020-10/msg00012.html
lists.opensuse.org/opensuse-security-announce/2020-10/msg00013.html
github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
lists.debian.org/debian-lts-announce/2020/09/msg00026.html
lists.fedoraproject.org/archives/list/[email protected]/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
metacpan.org/pod/distribution/DBI/Changes
usn.ubuntu.com/4534-1/