PublicDateAtUSN: 2020-09-16 14:15:00 UTC
Candidate: CVE-2020-14393
PublicDate: 2020-09-16 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14393
 https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
 https://ubuntu.com/security/notices/USN-5030-1
 https://ubuntu.com/security/notices/USN-5030-2
Description:
 A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker
 who is able to supply a string longer than 300 characters could cause an
 out-of-bounds write, affecting the availability of the service or integrity
 of data.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H [7.1 HIGH]

Patches_libdbi-perl:
 upstream: https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643460e71b
upstream_libdbi-perl: needs-triage
precise/esm_libdbi-perl: ignored (end of ESM support, was needed)
trusty_libdbi-perl: ignored (out of standard support)
trusty/esm_libdbi-perl: needed
xenial_libdbi-perl: ignored (end of standard support, was needed)
esm-infra/xenial_libdbi-perl: released (1.634-1ubuntu0.2+esm1)
bionic_libdbi-perl: released (1.640-1ubuntu0.3)
focal_libdbi-perl: not-affected (1.643-1)
groovy_libdbi-perl: not-affected (1.643-2)
hirsute_libdbi-perl: not-affected (1.643-2)
impish_libdbi-perl: not-affected (1.643-2)
jammy_libdbi-perl: not-affected (1.643-2)
devel_libdbi-perl: not-affected (1.643-2)