Red Hat Customer Portal

CVE-2012-1151

Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.

Details Source: Mitre
Public Date: 2012-02-27 00:00:00
Impact: Moderate
Bugzilla: CVE-2012-1151 perl-DBD-Pg: Format string flaws by turning db notices into Perl warnings and by preparing DBD statement
Bugzilla ID: 801733
CVSS Status: verified
Base Score: 5.10
Base Metrics: AV:N/AC:H/Au:N/C:P/I:P/A:P

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 6 (perl-DBD-Pg) | RHSA-2012:1116 | 2012-07-25 |
| Red Hat Enterprise Linux 5 (perl-DBD-Pg) | RHSA-2012:1116 | 2012-07-25 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Application Stack v2 for Enterprise Linux (v.5) | perl-DBD-Pg | Affected |