CVE-2009-0663: Buffer Overflow
First published: Thu Apr 30 2009(Updated: )
Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Perl 5.30.0 | ||
| CMU DBD | =\-pg |
Remedy
http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz
- https://launchpad.net/bugs/cve/2009-0663
- http://www.debian.org/security/2009/dsa-1780
- http://secunia.com/advisories/34909
- http://www.securityfocus.com/bid/34755
- http://www.redhat.com/support/errata/RHSA-2009-0479.html
- http://secunia.com/advisories/35058
- http://www.redhat.com/support/errata/RHSA-2009-1067.html
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
- http://secunia.com/advisories/35685
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50467
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499
Frequently Asked Questions
What is the severity of CVE-2009-0663?
CVE-2009-0663 is considered a critical vulnerability due to the potential for arbitrary code execution.
How do I fix CVE-2009-0663?
To fix CVE-2009-0663, upgrade the DBD::Pg module to a version that is not affected by this vulnerability.
What software is affected by CVE-2009-0663?
CVE-2009-0663 affects the DBD::Pg module version 1.49 for Perl.
Can CVE-2009-0663 be exploited remotely?
Yes, CVE-2009-0663 can be exploited by context-dependent attackers through specific input.
What functions in DBD::Pg are related to CVE-2009-0663?
The functions getline and pg_getline in the DBD::Pg module are related to CVE-2009-0663.
- collector/nvd-historical
- collector/launchpad-cve
- agent/type
- agent/event
- agent/references
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/description
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/perl
- canonical/perl 5.30.0
- vendor/cmu
- canonical/cmu dbd
- version/cmu dbd/\-pg