Security Advisories (8)

CVE-2020-14393 (2020-09-16)

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.

CVE-2020-14392 (2020-06-17)

An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.

CVE-2019-20919 (2020-09-17)

An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.

CPANSA-DBI-2014-01 (2014-10-15)

DBD::File drivers open files from folders other than specifically passed using the f_dir attribute.

CVE-2014-10402 (2020-09-16)

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.

CVE-2014-10401 (2020-09-11)

An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.

CVE-2013-7491 (2020-09-11)

An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.

CVE-2013-7490 (2020-09-11)

An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.

NAME

dbilogstrip - filter to normalize DBI trace logs for diff'ing

SYNOPSIS

Read DBI trace file dbitrace.log and write out a stripped version to dbitrace_stripped.log

dbilogstrip dbitrace.log > dbitrace_stripped.log

Run yourscript.pl twice, each with different sets of arguments, with DBI_TRACE enabled. Filter the output and trace through dbilogstrip into a separate file for each run. Then compare using diff. (This example assumes you're using a standard shell.)

DBI_TRACE=2 perl yourscript.pl ...args1... 2>&1 | dbilogstrip > dbitrace1.log
DBI_TRACE=2 perl yourscript.pl ...args2... 2>&1 | dbilogstrip > dbitrace2.log
diff -u dbitrace1.log dbitrace2.log

DESCRIPTION

Replaces any hex addresses, e.g, 0x128f72ce with 0xN.

Replaces any references to process id or thread id, like pid#6254 with pidN.

So a DBI trace line like this:

-> STORE for DBD::DBM::st (DBI::st=HASH(0x19162a0)~0x191f9c8 'f_params' ARRAY(0x1922018)) thr#1800400

will look like this:

-> STORE for DBD::DBM::st (DBI::st=HASH(0xN)~0xN 'f_params' ARRAY(0xN)) thrN

To install DBI, copy and paste the appropriate command in to your terminal.

cpanm

cpanm DBI

CPAN shell

perl -MCPAN -e shell
install DBI

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SYNOPSIS

DESCRIPTION

Module Install Instructions