CVE-2020-14393
Description
Buffer overflow in perl-DBI <1.643 allows local attackers to cause out-of-bounds write via an overlong DBD class name, leading to denial of service or data corruption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In perl-DBI versions prior to 1.643, the DBI.xs file contains a buffer overflow: when a DBD class name string longer than 300 characters is supplied, an out-of-bounds write occurs. [1]
Exploitation
A local attacker with the ability to supply a crafted DBD class name (e.g., via a Perl script using DBI) can trigger the overflow. No special privileges are required beyond local access. The attacker provides a string exceeding 300 characters, causing the buffer overflow. [1]
Impact
Successful exploitation results in an out-of-bounds write that can corrupt memory, leading to denial of service (a crash) or corruption of data. Code execution is not part of the described vulnerability; availability and integrity are affected. [1]
Mitigation
Upgrade to perl-DBI version 1.643 or later, which contains the fix. Red Hat has marked this as WONTFIX for its affected products, so no official patch will be provided there; users are advised to apply the upstream fix or to mitigate by restricting local access. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- perl-DBI/DBI (30 entries)
- Range: <1.643
- OSV coordinates (28 versions):
  - pkg:rpm/opensuse/perl-DBI&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/opensuse/perl-DBI&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/opensuse/perl-DBI&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/perl-DBI&distro=HPE%20Helion%20OpenStack%208
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Enterprise%20Storage%205
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20OpenStack%20Cloud%207
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20OpenStack%20Cloud%208
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20OpenStack%20Cloud%209
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
  - pkg:rpm/suse/perl-DBI&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
- (no CPE) range: < 1.639-lp151.3.7.1
- (no CPE) range: < 1.642-lp152.2.3.1
- (no CPE) range: < 1.643-4.1
- (no CPE) range: < 1.628-5.3.1
- (no CPE) range: < 1.628-5.3.1
- (no CPE) range: < 1.639-3.8.1
- (no CPE) range: < 1.639-3.8.1
- (no CPE) range: < 1.639-3.8.1
- (no CPE) range: < 1.642-3.3.1
- (no CPE) range: < 1.607-3.3.1
- (no CPE) range: < 1.607-3.3.1
- (no CPE) range: < 1.628-5.3.1
- (no CPE) range: < 1.628-5.3.1
- (no CPE) range: < 1.628-5.3.1
- (no CPE) range: < 1.628-5.3.1
- (no CPE) range: < 1.628-5.3.1
- (no CPE) range: < 1.628-5.3.1
- (no CPE) range: < 1.639-3.8.1
- (no CPE) range: < 1.628-5.3.1
- (no CPE) range: < 1.628-5.3.1
- (no CPE) range: < 1.628-5.3.1
- (no CPE) range: < 1.628-5.3.1
- (no CPE) range: < 1.639-3.8.1
- (no CPE) range: < 1.628-5.3.1
- (no CPE) range: < 1.628-5.3.1
- (no CPE) range: < 1.628-5.3.1
- (no CPE) range: < 1.628-5.3.1
- (no CPE) range: < 1.628-5.3.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html (MITRE; vendor advisory; x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html (MITRE; vendor advisory; x_refsource_SUSE)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/ (MITRE; vendor advisory; x_refsource_FEDORA)
- bugzilla.redhat.com/show_bug.cgi (MITRE; x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2020/09/msg00026.html (MITRE; mailing list; x_refsource_MLIST)
- metacpan.org/pod/distribution/DBI/Changes (MITRE; x_refsource_MISC)
News mentions
No linked articles in our index yet.