CVE-2012-1151
First published: Fri Mar 09 2012(Updated: )
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Perl | <=2.18.1 | |
| Perl | =0.1 | |
| Perl | =0.2 | |
| Perl | =0.3 | |
| Perl | =0.4 | |
| Perl | =0.5 | |
| Perl | =0.52 | |
| Perl | =0.61 | |
| Perl | =0.62 | |
| Perl | =0.63 | |
| Perl | =0.64 | |
| Perl | =0.65 | |
| Perl | =0.66 | |
| Perl | =0.67 | |
| Perl | =0.68 | |
| Perl | =0.69 | |
| Perl | =0.70 | |
| Perl | =0.71 | |
| Perl | =0.72 | |
| Perl | =0.73 | |
| Perl | =0.80 | |
| Perl | =0.81 | |
| Perl | =0.82 | |
| Perl | =0.83 | |
| Perl | =0.84 | |
| Perl | =0.85 | |
| Perl | =0.86 | |
| Perl | =0.87 | |
| Perl | =0.88 | |
| Perl | =0.89 | |
| Perl | =0.90 | |
| Perl | =0.91 | |
| Perl | =0.92 | |
| Perl | =0.93 | |
| Perl | =0.94 | |
| Perl | =0.95 | |
| Perl | =0.96 | |
| Perl | =0.97 | |
| Perl | =0.98 | |
| Perl | =0.99 | |
| Perl | =1.00 | |
| Perl | =1.01 | |
| Perl | =1.20 | |
| Perl | =1.21 | |
| Perl | =1.22 | |
| Perl | =1.31 | |
| Perl | =1.32 | |
| Perl | =1.40 | |
| Perl | =1.41 | |
| Perl | =1.42 | |
| Perl | =1.43 | |
| Perl | =1.44 | |
| Perl | =1.45 | |
| Perl | =1.46 | |
| Perl | =1.47 | |
| Perl | =1.48 | |
| Perl | =1.49 | |
| Perl | =2.0.0 | |
| Perl | =2.1.0 | |
| Perl | =2.1.1 | |
| Perl | =2.1.2 | |
| Perl | =2.1.3 | |
| Perl | =2.2.0 | |
| Perl | =2.2.1 | |
| Perl | =2.2.2 | |
| Perl | =2.3.0 | |
| Perl | =2.4.0 | |
| Perl | =2.5.0 | |
| Perl | =2.5.1 | |
| Perl | =2.6.0 | |
| Perl | =2.6.1 | |
| Perl | =2.6.2 | |
| Perl | =2.6.3 | |
| Perl | =2.6.4 | |
| Perl | =2.6.5 | |
| Perl | =2.6.6 | |
| Perl | =2.7.0 | |
| Perl | =2.7.1 | |
| Perl | =2.7.2 | |
| Perl | =2.8.0 | |
| Perl | =2.8.1 | |
| Perl | =2.8.2 | |
| Perl | =2.8.3 | |
| Perl | =2.8.4 | |
| Perl | =2.8.5 | |
| Perl | =2.8.6 | |
| Perl | =2.8.7 | |
| Perl | =2.8.8 | |
| Perl | =2.9.0 | |
| Perl | =2.9.1 | |
| Perl | =2.9.2 | |
| Perl | =2.10.0 | |
| Perl | =2.10.1 | |
| Perl | =2.10.2 | |
| Perl | =2.10.3 | |
| Perl | =2.10.4 | |
| Perl | =2.10.5 | |
| Perl | =2.10.6 | |
| Perl | =2.10.7 | |
| Perl | =2.11.0 | |
| Perl | =2.11.1 | |
| Perl | =2.11.2 | |
| Perl | =2.11.3 | |
| Perl | =2.11.4 | |
| Perl | =2.11.5 | |
| Perl | =2.11.6 | |
| Perl | =2.11.7 | |
| Perl | =2.11.8 | |
| Perl | =2.12.0 | |
| Perl | =2.13.0 | |
| Perl | =2.14.0 | |
| Perl | =2.14.1 | |
| Perl | =2.15.0 | |
| Perl | =2.15.1 | |
| Perl | =2.16.0 | |
| Perl | =2.16.1 | |
| Perl | =2.17.0 | |
| Perl | =2.17.1 | |
| Perl | =2.17.2 | |
| Perl | =2.18.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536
- https://rt.cpan.org/Public/Bug/Display.html?id=75642
- https://rt.cpan.org/Ticket/Attachment/1047954/547725/0001-Explicitly-warn-and-croak-with-controlled-format-str.patch
- http://www.openwall.com/lists/oss-security/2012/03/09/6
- http://www.openwall.com/lists/oss-security/2012/03/10/4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=836931
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=841133
- https://rhn.redhat.com/errata/RHSA-2012-1116.html
- https://bugzilla.redhat.com/show_bug.cgi?id=801733
- http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes
- http://rhn.redhat.com/errata/RHSA-2012-1116.html
- http://secunia.com/advisories/48307
- http://secunia.com/advisories/48319
- http://secunia.com/advisories/48824
- http://security.gentoo.org/glsa/glsa-201204-08.xml
- http://www.debian.org/security/2012/dsa-2431
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:112
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73854
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73855
- collector/redhat-bugzilla
- alias/CVE-2012-1151
- agent/severity
- agent/type
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- agent/author
- vendor/perl
- canonical/perl
- version/perl/2.18.1
- version/perl/0.1
- version/perl/0.2
- version/perl/0.3
- version/perl/0.4
- version/perl/0.5
- version/perl/0.52
- version/perl/0.61
- version/perl/0.62
- version/perl/0.63
- version/perl/0.64
- version/perl/0.65
- version/perl/0.66
- version/perl/0.67
- version/perl/0.68
- version/perl/0.69
- version/perl/0.70
- version/perl/0.71
- version/perl/0.72
- version/perl/0.73
- version/perl/0.80
- version/perl/0.81
- version/perl/0.82
- version/perl/0.83
- version/perl/0.84
- version/perl/0.85
- version/perl/0.86
- version/perl/0.87
- version/perl/0.88
- version/perl/0.89
- version/perl/0.90
- version/perl/0.91
- version/perl/0.92
- version/perl/0.93
- version/perl/0.94
- version/perl/0.95
- version/perl/0.96
- version/perl/0.97
- version/perl/0.98
- version/perl/0.99
- version/perl/1.00
- version/perl/1.01
- version/perl/1.20
- version/perl/1.21
- version/perl/1.22
- version/perl/1.31
- version/perl/1.32
- version/perl/1.40
- version/perl/1.41
- version/perl/1.42
- version/perl/1.43
- version/perl/1.44
- version/perl/1.45
- version/perl/1.46
- version/perl/1.47
- version/perl/1.48
- version/perl/1.49
- version/perl/2.0.0
- version/perl/2.1.0
- version/perl/2.1.1
- version/perl/2.1.2
- version/perl/2.1.3
- version/perl/2.2.0
- version/perl/2.2.1
- version/perl/2.2.2
- version/perl/2.3.0
- version/perl/2.4.0
- version/perl/2.5.0
- version/perl/2.5.1
- version/perl/2.6.0
- version/perl/2.6.1
- version/perl/2.6.2
- version/perl/2.6.3
- version/perl/2.6.4
- version/perl/2.6.5
- version/perl/2.6.6
- version/perl/2.7.0
- version/perl/2.7.1
- version/perl/2.7.2
- version/perl/2.8.0
- version/perl/2.8.1
- version/perl/2.8.2
- version/perl/2.8.3
- version/perl/2.8.4
- version/perl/2.8.5
- version/perl/2.8.6
- version/perl/2.8.7
- version/perl/2.8.8
- version/perl/2.9.0
- version/perl/2.9.1
- version/perl/2.9.2
- version/perl/2.10.0
- version/perl/2.10.1
- version/perl/2.10.2
- version/perl/2.10.3
- version/perl/2.10.4
- version/perl/2.10.5
- version/perl/2.10.6
- version/perl/2.10.7
- version/perl/2.11.0
- version/perl/2.11.1
- version/perl/2.11.2
- version/perl/2.11.3
- version/perl/2.11.4
- version/perl/2.11.5
- version/perl/2.11.6
- version/perl/2.11.7
- version/perl/2.11.8
- version/perl/2.12.0
- version/perl/2.13.0
- version/perl/2.14.0
- version/perl/2.14.1
- version/perl/2.15.0
- version/perl/2.15.1
- version/perl/2.16.0
- version/perl/2.16.1
- version/perl/2.17.0
- version/perl/2.17.1
- version/perl/2.17.2
- version/perl/2.18.0