Vulnerabilities > CVE-2019-20919 - NULL Pointer Dereference vulnerability in multiple products

CVSS 4.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

high complexity

NVD

Published: 2020-09-17

Updated: 2023-11-07

Summary

An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.

Vulnerable Configurations

Part	Description	Count
Application	Perl Perl DBI - Perl DBI 1.607 Perl DBI 1.608 Perl DBI 1.609 Perl DBI 1.611 Perl DBI 1.611_90 Perl DBI 1.611_91 Perl DBI 1.611_92 Perl DBI 1.611_93 Perl DBI 1.611_94 Perl DBI 1.612 Perl DBI 1.613 Perl DBI 1.613_70 Perl DBI 1.613_71 Perl DBI 1.613_90 Perl DBI 1.613_91 Perl DBI 1.613_92 Perl DBI 1.613_93 Perl DBI 1.614 Perl DBI 1.614_90 Perl DBI 1.619 Perl DBI 1.620 Perl DBI 1.621 Perl DBI 1.622 Perl DBI 1.623 Perl DBI 1.624 Perl DBI 1.625 Perl DBI 1.626 Perl DBI 1.627 Perl DBI 1.628 Perl DBI 1.630 Perl DBI 1.631 Perl DBI 1.632 Perl DBI 1.632_90 Perl DBI 1.633 Perl DBI 1.633_90 Perl DBI 1.633_91 Perl DBI 1.633_92 Perl DBI 1.634 Perl DBI 1.635 Perl DBI 1.636 Perl DBI 1.637 Perl DBI 1.638 Perl DBI 1.639 Perl DBI 1.640 Perl DBI 1.641 Perl DBI 1.642	47
OS	Fedoraproject Fedoraproject Fedora 31	1
OS	Canonical Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 12.04	4
OS	Debian Debian Debian Linux 9.0	1
OS	Opensuse Opensuse Leap 15.1 Opensuse Leap 15.2	2

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.