A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.

• https://metacpan.org/changes/distribution/DBI
• https://bugzilla.redhat.com/show_bug.cgi?id=1877409

An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.

• https://metacpan.org/changes/distribution/DBI
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
• https://bugzilla.redhat.com/show_bug.cgi?id=1877402
• https://bugzilla.redhat.com/show_bug.cgi?id=1877402
• https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
• http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html
• http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html
• https://usn.ubuntu.com/4503-1/

An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.

• https://metacpan.org/changes/distribution/DBI
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20919
• https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
• https://bugzilla.redhat.com/show_bug.cgi?id=1877405
• https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/US6VXPKVAYHOKNFSAFLM3FWNYZSJKQHS/
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KJN7E27GD6QQ2CRGEJ3TNW2DJFXA2AKN/
• https://ubuntu.com/security/notices/USN-4534-1

DBD::File drivers open files from folders other than specifically passed using the f_dir attribute.

• https://metacpan.org/changes/distribution/DBI
• https://rt.cpan.org/Public/Bug/Display.html?id=99508

Allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

• https://metacpan.org/changes/distribution/DBI

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.

• https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590
• https://metacpan.org/release/HMBRAND/DBI-1.643_01/view/Changes

An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.

• https://rt.cpan.org/Public/Bug/Display.html?id=99508
• https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014
• https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a
• https://usn.ubuntu.com/4509-1/
• https://metacpan.org/release/HMBRAND/DBI-1.643_01/view/Changes

An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.

• https://github.com/perl5-dbi/dbi/commit/401f1221311c71f760e21c98772f0f7e3cbead1d
• https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.628-22nd-July-2013
• https://rt.cpan.org/Public/Bug/Display.html?id=85562

An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.

• https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766
• https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014
• https://rt.cpan.org/Public/Bug/Display.html?id=86744#txn-1880941
• https://usn.ubuntu.com/4509-1/

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require four characters, 100-999 require five characters, et cetera.

• https://metacpan.org/release/HMBRAND/DBI-1.648/changes
• https://github.com/perl5-dbi/dbi/commit/af79036c07aa9a457971c0f4136e37c85dc20978.patch

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a buffer overflow.

• https://metacpan.org/release/HMBRAND/DBI-1.648/changes
• https://github.com/perl5-dbi/dbi/commit/bfe5d73c162d2d1f761a639a0aa33aad6a9eb54e.patch