VYPR
Unrated severity · NVD Advisory · Published Sep 16, 2020 · Updated Aug 4, 2024

CVE-2020-14392

Description

An untrusted pointer dereference in Perl-DBI < 1.643 allows a local attacker to cause memory corruption and denial of service via manipulated calls to dbd_db_login6_sv().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

An untrusted pointer dereference flaw exists in Perl-DBI versions prior to 1.643 [1]. The vulnerability occurs in the XS (eXternal Subroutine) functions when the Perl stack is reallocated, specifically within the dbd_db_login6_sv() function. A local attacker can manipulate calls to this function, leading to memory corruption [1]. The affected code path is reachable under normal operational conditions when the Perl interpreter reallocates its stack during a login operation.
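The bug class described above, shown as an added, constructed C model rather than DBI's or perl's own code: a growable value stack whose backing array moves on growth, a driver callback that pushes onto it during login, and an XS-style caller that either holds a pointer into the array across the call (unsafe) or copies the element out first (safe). The stack, `SV` and `driver_login` here are simplified stand-ins, and the unsafe function only reports that its held pointer went stale instead of dereferencing it.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Constructed model of a growable interpreter value stack (not DBI's or
 * perl's real code): values live in a heap array that may move when it grows. */
typedef struct { int value; } SV;                   /* stand-in for a Perl scalar */
typedef struct { SV **items; size_t len, cap; } Stack;

static void stack_init(Stack *s) { s->items = NULL; s->len = s->cap = 0; }
static void stack_free(Stack *s) { free(s->items); stack_init(s); }
/* Growth moves the array (as realloc is free to do), so every SV** that
 * pointed into the old array becomes dangling. */
static void stack_push(Stack *s, SV *sv) {
    if (s->len == s->cap) {
        size_t ncap = s->cap ? s->cap * 2 : 1;
        SV **n = malloc(ncap * sizeof *n);
        if (!n) abort();
        if (s->len) memcpy(n, s->items, s->len * sizeof *n);
        free(s->items);
        s->items = n; s->cap = ncap;
    }
    s->items[s->len++] = sv;
}

/* Models a driver callback that pushes temporaries of its own during login. */
static void driver_login(Stack *s, SV *scratch, int pushes) {
    for (int i = 0; i < pushes; i++) stack_push(s, scratch);
}

/* Unsafe pattern: hold an SV** (the address of a slot inside the stack array)
 * across a call that may grow the stack. Returns 1 when the array moved, which
 * means the held pointer now dangles; it deliberately never dereferences it. */
static int login_holds_slot_pointer(Stack *s, SV *arg, SV *scratch, int pushes) {
    stack_push(s, arg);
    SV **slot = &s->items[s->len - 1];      /* like caching ST(n) before the call */
    uintptr_t before = (uintptr_t)s->items;
    driver_login(s, scratch, pushes);
    (void)slot;                             /* *slot here would be use-after-free */
    return (uintptr_t)s->items != before;
}

/* Safe pattern: copy the SV* out of its slot before the call. The scalar is a
 * separate heap object and stays put when the stack array moves. */
static int login_copies_sv(Stack *s, SV *arg, SV *scratch, int pushes) {
    stack_push(s, arg);
    SV *sv = s->items[s->len - 1];          /* copy the element, not its address */
    driver_login(s, scratch, pushes);
    return sv->value;
}
```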

Exploitation

To exploit this vulnerability, an attacker needs local access and the ability to craft or influence calls to dbd_db_login6_sv(). The attacker can trigger memory corruption by causing the Perl stack to be reallocated in a way that leaves a dangling pointer, which is then dereferenced unsafely [1]. No authentication or special privileges are required beyond local user access to execute a Perl script that uses the DBI module.

Impact

Successful exploitation leads to memory corruption, primarily affecting the availability of the service (denial of service) [1]. The vulnerability is classified as low severity by Red Hat [1]. In some configurations, an attacker might also achieve arbitrary code execution, as noted in the Ubuntu security advisory [2], but the primary impact is denial of service.

Mitigation

The vulnerability is fixed in Perl-DBI version 1.643 [1]. Red Hat closed its tracking issue as CLOSED WONTFIX for some products, so no official Red Hat patch will be provided for certain affected releases [1]. Users should update to version 1.643 or later [2]. Ubuntu provided updated packages via USN-4503-1 [2]. If updating is not possible, restricting local access to the system reduces exposure, since the flaw requires a local user able to run Perl code that uses DBI.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 30

Patches: 0 (no patches discovered yet)


References: 7

News mentions: 0 (no linked articles in the index yet)