製品・ソフトウェアに関する情報

JVN脆弱性詳細

Perl 用 DBD::Pg モジュールの dbdimp.c におけるフォーマットストリングの脆弱性

Title	Perl 用 DBD::Pg モジュールの dbdimp.c におけるフォーマットストリングの脆弱性
Summary	Perl 用 DBD::Pg モジュール (別名 DBD-Pg または libdbd-pg-perl モジュール) の dbdimp.c には、フォーマットストリングの脆弱性が存在します。
Possible impacts	リモート PostgreSQL データベースサーバにより、(1) pg_warn 関数に対する巧妙に細工されたデータベースの警告、または (2) dbd_st_prepare 関数に対する巧妙に細工された DBD ステートメントに含まれた、フォーマットストリング指定子を介して、サービス運用妨害 (プロセスクラッシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 9, 2012, midnight
Registration Date	Sept. 12, 2012, 11:19 a.m.
Last Update	Nov. 13, 2012, 5:36 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected System

The Perl Foundation

Perl

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-1151	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1151
National Vulnerability Database (NVD)
2	CVE-2012-1151	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1151

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-134	https://jvndb.jvn.jp/ja/cwe/CWE-134.html

ベンダー情報

No	Name	URL
CPAN
1	Bug #75642	https://rt.cpan.org/Public/Bug/Display.html?id=75642
2	DBD-Pg - Changes	http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes
Debian Bug report logs
3	#661536	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536
Debian セキュリティ勧告
4	DSA-2431	http://www.debian.org/security/2012/dsa-2431
Red Hat Bugzilla
5	Bug 801733	https://bugzilla.redhat.com/show_bug.cgi?id=801733
Red Hat Security Advisory
6	RHSA-2012:1116	http://rhn.redhat.com/errata/RHSA-2012-1116.html

Change Log

No	Changed Details	Date of change
0	[2012年09月12日] 掲載 [2012年11月13日] ベンダ情報：レッドハット (RHSA-2012:1116) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-1151

Summary	Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.
Publication Date	Sept. 10, 2012, 6:55 a.m.
Registration Date	Jan. 28, 2021, 2:55 p.m.
Last Update	Nov. 21, 2024, 10:36 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:perl:perl:0.97:::::::*
cpe:2.3:a:perl:perl:0.91:::::::*
cpe:2.3:a:perl:perl:2.10.0:::::::*
cpe:2.3:a:perl:perl:2.10.3:::::::*
cpe:2.3:a:perl:perl:2.6.4:::::::*
cpe:2.3:a:perl:perl:2.3.0:::::::*
cpe:2.3:a:perl:perl:2.11.3:::::::*
cpe:2.3:a:perl:perl:2.15.0:::::::*
cpe:2.3:a:perl:perl:2.17.1:::::::*
cpe:2.3:a:perl:perl:1.44:::::::*
cpe:2.3:a:perl:perl:2.8.7:::::::*
cpe:2.3:a:perl:perl:2.11.6:::::::*
cpe:2.3:a:perl:perl:2.7.2:::::::*
cpe:2.3:a:perl:perl:0.80:::::::*
cpe:2.3:a:perl:perl:2.11.0:::::::*
cpe:2.3:a:perl:perl:2.11.1:::::::*
cpe:2.3:a:perl:perl:0.96:::::::*
cpe:2.3:a:perl:perl:1.42:::::::*
cpe:2.3:a:perl:perl:2.4.0:::::::*
cpe:2.3:a:perl:perl:2.8.5:::::::*
cpe:2.3:a:perl:perl:2.10.7:::::::*
cpe:2.3:a:perl:perl:2.11.2:::::::*
cpe:2.3:a:perl:perl:0.89:::::::*
cpe:2.3:a:perl:perl:0.81:::::::*
cpe:2.3:a:perl:perl:0.98:::::::*
cpe:2.3:a:perl:perl:2.16.1:::::::*
cpe:2.3:a:perl:perl:0.64:::::::*
cpe:2.3:a:perl:perl:2.6.2:::::::*
cpe:2.3:a:perl:perl:0.3:::::::*
cpe:2.3:a:perl:perl:0.67:::::::*
cpe:2.3:a:perl:perl:1.20:::::::*
cpe:2.3:a:perl:perl:0.88:::::::*
cpe:2.3:a:perl:perl::::::::		2.18.1
cpe:2.3:a:perl:perl:0.61:::::::*
cpe:2.3:a:perl:perl:2.10.6:::::::*
cpe:2.3:a:perl:perl:1.21:::::::*
cpe:2.3:a:perl:perl:0.73:::::::*
cpe:2.3:a:perl:perl:0.71:::::::*
cpe:2.3:a:perl:perl:2.17.0:::::::*
cpe:2.3:a:perl:perl:1.01:::::::*
cpe:2.3:a:perl:perl:2.1.0:::::::*
cpe:2.3:a:perl:perl:1.41:::::::*
cpe:2.3:a:perl:perl:1.47:::::::*
cpe:2.3:a:perl:perl:2.11.5:::::::*
cpe:2.3:a:perl:perl:2.11.4:::::::*
cpe:2.3:a:perl:perl:0.62:::::::*
cpe:2.3:a:perl:perl:1.22:::::::*
cpe:2.3:a:perl:perl:2.2.1:::::::*
cpe:2.3:a:perl:perl:2.5.0:::::::*
cpe:2.3:a:perl:perl:2.2.2:::::::*
cpe:2.3:a:perl:perl:2.7.1:::::::*
cpe:2.3:a:perl:perl:2.10.1:::::::*
cpe:2.3:a:perl:perl:0.86:::::::*
cpe:2.3:a:perl:perl:2.1.3:::::::*
cpe:2.3:a:perl:perl:2.7.0:::::::*
cpe:2.3:a:perl:perl:2.11.7:::::::*
cpe:2.3:a:perl:perl:2.8.1:::::::*
cpe:2.3:a:perl:perl:2.13.0:::::::*
cpe:2.3:a:perl:perl:1.45:::::::*
cpe:2.3:a:perl:perl:0.69:::::::*
cpe:2.3:a:perl:perl:2.8.6:::::::*
cpe:2.3:a:perl:perl:0.87:::::::*
cpe:2.3:a:perl:perl:2.6.3:::::::*
cpe:2.3:a:perl:perl:2.6.6:::::::*
cpe:2.3:a:perl:perl:2.6.1:::::::*
cpe:2.3:a:perl:perl:1.32:::::::*
cpe:2.3:a:perl:perl:2.16.0:::::::*
cpe:2.3:a:perl:perl:2.9.0:::::::*
cpe:2.3:a:perl:perl:0.5:::::::*
cpe:2.3:a:perl:perl:2.14.1:::::::*
cpe:2.3:a:perl:perl:0.2:::::::*
cpe:2.3:a:perl:perl:1.49:::::::*
cpe:2.3:a:perl:perl:0.65:::::::*
cpe:2.3:a:perl:perl:0.1:::::::*
cpe:2.3:a:perl:perl:2.8.4:::::::*
cpe:2.3:a:perl:perl:0.84:::::::*
cpe:2.3:a:perl:perl:0.68:::::::*
cpe:2.3:a:perl:perl:0.4:::::::*
cpe:2.3:a:perl:perl:0.99:::::::*
cpe:2.3:a:perl:perl:2.12.0:::::::*
cpe:2.3:a:perl:perl:2.9.1:::::::*
cpe:2.3:a:perl:perl:0.82:::::::*
cpe:2.3:a:perl:perl:2.10.2:::::::*
cpe:2.3:a:perl:perl:2.6.0:::::::*
cpe:2.3:a:perl:perl:0.94:::::::*
cpe:2.3:a:perl:perl:1.43:::::::*
cpe:2.3:a:perl:perl:0.52:::::::*
cpe:2.3:a:perl:perl:2.1.1:::::::*
cpe:2.3:a:perl:perl:0.83:::::::*
cpe:2.3:a:perl:perl:2.8.2:::::::*
cpe:2.3:a:perl:perl:2.8.8:::::::*
cpe:2.3:a:perl:perl:2.9.2:::::::*
cpe:2.3:a:perl:perl:1.40:::::::*
cpe:2.3:a:perl:perl:2.15.1:::::::*
cpe:2.3:a:perl:perl:2.10.5:::::::*
cpe:2.3:a:perl:perl:2.17.2:::::::*
cpe:2.3:a:perl:perl:1.46:::::::*
cpe:2.3:a:perl:perl:2.10.4:::::::*
cpe:2.3:a:perl:perl:0.66:::::::*
cpe:2.3:a:perl:perl:0.63:::::::*
cpe:2.3:a:perl:perl:0.95:::::::*
cpe:2.3:a:perl:perl:0.90:::::::*
cpe:2.3:a:perl:perl:2.1.2:::::::*
cpe:2.3:a:perl:perl:2.5.1:::::::*
cpe:2.3:a:perl:perl:2.8.0:::::::*
cpe:2.3:a:perl:perl:2.11.8:::::::*
cpe:2.3:a:perl:perl:0.93:::::::*
cpe:2.3:a:perl:perl:1.31:::::::*
cpe:2.3:a:perl:perl:2.6.5:::::::*
cpe:2.3:a:perl:perl:2.0.0:::::::*
cpe:2.3:a:perl:perl:1.00:::::::*
cpe:2.3:a:perl:perl:2.8.3:::::::*
cpe:2.3:a:perl:perl:0.72:::::::*
cpe:2.3:a:perl:perl:2.2.0:::::::*
cpe:2.3:a:perl:perl:0.92:::::::*
cpe:2.3:a:perl:perl:0.85:::::::*
cpe:2.3:a:perl:perl:2.14.0:::::::*
cpe:2.3:a:perl:perl:1.48:::::::*
cpe:2.3:a:perl:perl:0.70:::::::*
cpe:2.3:a:perl:perl:2.18.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536
2	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536
3	http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes
4	http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes
5	http://rhn.redhat.com/errata/RHSA-2012-1116.html
6	http://rhn.redhat.com/errata/RHSA-2012-1116.html
7	http://secunia.com/advisories/48307	Vendor Advisory
8	http://secunia.com/advisories/48307	Vendor Advisory
9	http://secunia.com/advisories/48319	Vendor Advisory
10	http://secunia.com/advisories/48319	Vendor Advisory
11	http://secunia.com/advisories/48824
12	http://secunia.com/advisories/48824
13	http://security.gentoo.org/glsa/glsa-201204-08.xml
14	http://security.gentoo.org/glsa/glsa-201204-08.xml
15	http://www.debian.org/security/2012/dsa-2431
16	http://www.debian.org/security/2012/dsa-2431
17	http://www.mandriva.com/security/advisories?name=MDVSA-2012:112
18	http://www.mandriva.com/security/advisories?name=MDVSA-2012:112
19	http://www.openwall.com/lists/oss-security/2012/03/09/6
20	http://www.openwall.com/lists/oss-security/2012/03/09/6
21	http://www.openwall.com/lists/oss-security/2012/03/10/4
22	http://www.openwall.com/lists/oss-security/2012/03/10/4
23	https://bugzilla.redhat.com/show_bug.cgi?id=801733
24	https://bugzilla.redhat.com/show_bug.cgi?id=801733
25	https://exchange.xforce.ibmcloud.com/vulnerabilities/73854
26	https://exchange.xforce.ibmcloud.com/vulnerabilities/73854
27	https://exchange.xforce.ibmcloud.com/vulnerabilities/73855
28	https://exchange.xforce.ibmcloud.com/vulnerabilities/73855
29	https://rt.cpan.org/Public/Bug/Display.html?id=75642
30	https://rt.cpan.org/Public/Bug/Display.html?id=75642

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-134	書式文字列の問題	https://cwe.mitre.org/data/definitions/134.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:perl:perl:0.97:::::::*
cpe:2.3:a:perl:perl:0.91:::::::*
cpe:2.3:a:perl:perl:2.10.0:::::::*
cpe:2.3:a:perl:perl:2.10.3:::::::*
cpe:2.3:a:perl:perl:2.6.4:::::::*
cpe:2.3:a:perl:perl:2.3.0:::::::*
cpe:2.3:a:perl:perl:2.11.3:::::::*
cpe:2.3:a:perl:perl:2.15.0:::::::*
cpe:2.3:a:perl:perl:2.17.1:::::::*
cpe:2.3:a:perl:perl:1.44:::::::*
cpe:2.3:a:perl:perl:2.8.7:::::::*
cpe:2.3:a:perl:perl:2.11.6:::::::*
cpe:2.3:a:perl:perl:2.7.2:::::::*
cpe:2.3:a:perl:perl:0.80:::::::*
cpe:2.3:a:perl:perl:2.11.0:::::::*
cpe:2.3:a:perl:perl:2.11.1:::::::*
cpe:2.3:a:perl:perl:0.96:::::::*
cpe:2.3:a:perl:perl:1.42:::::::*
cpe:2.3:a:perl:perl:2.4.0:::::::*
cpe:2.3:a:perl:perl:2.8.5:::::::*
cpe:2.3:a:perl:perl:2.10.7:::::::*
cpe:2.3:a:perl:perl:2.11.2:::::::*
cpe:2.3:a:perl:perl:0.89:::::::*
cpe:2.3:a:perl:perl:0.81:::::::*
cpe:2.3:a:perl:perl:0.98:::::::*
cpe:2.3:a:perl:perl:2.16.1:::::::*
cpe:2.3:a:perl:perl:0.64:::::::*
cpe:2.3:a:perl:perl:2.6.2:::::::*
cpe:2.3:a:perl:perl:0.3:::::::*
cpe:2.3:a:perl:perl:0.67:::::::*
cpe:2.3:a:perl:perl:1.20:::::::*
cpe:2.3:a:perl:perl:0.88:::::::*
cpe:2.3:a:perl:perl::::::::		2.18.1
cpe:2.3:a:perl:perl:0.61:::::::*
cpe:2.3:a:perl:perl:2.10.6:::::::*
cpe:2.3:a:perl:perl:1.21:::::::*
cpe:2.3:a:perl:perl:0.73:::::::*
cpe:2.3:a:perl:perl:0.71:::::::*
cpe:2.3:a:perl:perl:2.17.0:::::::*
cpe:2.3:a:perl:perl:1.01:::::::*
cpe:2.3:a:perl:perl:2.1.0:::::::*
cpe:2.3:a:perl:perl:1.41:::::::*
cpe:2.3:a:perl:perl:1.47:::::::*
cpe:2.3:a:perl:perl:2.11.5:::::::*
cpe:2.3:a:perl:perl:2.11.4:::::::*
cpe:2.3:a:perl:perl:0.62:::::::*
cpe:2.3:a:perl:perl:1.22:::::::*
cpe:2.3:a:perl:perl:2.2.1:::::::*
cpe:2.3:a:perl:perl:2.5.0:::::::*
cpe:2.3:a:perl:perl:2.2.2:::::::*
cpe:2.3:a:perl:perl:2.7.1:::::::*
cpe:2.3:a:perl:perl:2.10.1:::::::*
cpe:2.3:a:perl:perl:0.86:::::::*
cpe:2.3:a:perl:perl:2.1.3:::::::*
cpe:2.3:a:perl:perl:2.7.0:::::::*
cpe:2.3:a:perl:perl:2.11.7:::::::*
cpe:2.3:a:perl:perl:2.8.1:::::::*
cpe:2.3:a:perl:perl:2.13.0:::::::*
cpe:2.3:a:perl:perl:1.45:::::::*
cpe:2.3:a:perl:perl:0.69:::::::*
cpe:2.3:a:perl:perl:2.8.6:::::::*
cpe:2.3:a:perl:perl:0.87:::::::*
cpe:2.3:a:perl:perl:2.6.3:::::::*
cpe:2.3:a:perl:perl:2.6.6:::::::*
cpe:2.3:a:perl:perl:2.6.1:::::::*
cpe:2.3:a:perl:perl:1.32:::::::*
cpe:2.3:a:perl:perl:2.16.0:::::::*
cpe:2.3:a:perl:perl:2.9.0:::::::*
cpe:2.3:a:perl:perl:0.5:::::::*
cpe:2.3:a:perl:perl:2.14.1:::::::*
cpe:2.3:a:perl:perl:0.2:::::::*
cpe:2.3:a:perl:perl:1.49:::::::*
cpe:2.3:a:perl:perl:0.65:::::::*
cpe:2.3:a:perl:perl:0.1:::::::*
cpe:2.3:a:perl:perl:2.8.4:::::::*
cpe:2.3:a:perl:perl:0.84:::::::*
cpe:2.3:a:perl:perl:0.68:::::::*
cpe:2.3:a:perl:perl:0.4:::::::*
cpe:2.3:a:perl:perl:0.99:::::::*
cpe:2.3:a:perl:perl:2.12.0:::::::*
cpe:2.3:a:perl:perl:2.9.1:::::::*
cpe:2.3:a:perl:perl:0.82:::::::*
cpe:2.3:a:perl:perl:2.10.2:::::::*
cpe:2.3:a:perl:perl:2.6.0:::::::*
cpe:2.3:a:perl:perl:0.94:::::::*
cpe:2.3:a:perl:perl:1.43:::::::*
cpe:2.3:a:perl:perl:0.52:::::::*
cpe:2.3:a:perl:perl:2.1.1:::::::*
cpe:2.3:a:perl:perl:0.83:::::::*
cpe:2.3:a:perl:perl:2.8.2:::::::*
cpe:2.3:a:perl:perl:2.8.8:::::::*
cpe:2.3:a:perl:perl:2.9.2:::::::*
cpe:2.3:a:perl:perl:1.40:::::::*
cpe:2.3:a:perl:perl:2.15.1:::::::*
cpe:2.3:a:perl:perl:2.10.5:::::::*
cpe:2.3:a:perl:perl:2.17.2:::::::*
cpe:2.3:a:perl:perl:1.46:::::::*
cpe:2.3:a:perl:perl:2.10.4:::::::*
cpe:2.3:a:perl:perl:0.66:::::::*
cpe:2.3:a:perl:perl:0.63:::::::*
cpe:2.3:a:perl:perl:0.95:::::::*
cpe:2.3:a:perl:perl:0.90:::::::*
cpe:2.3:a:perl:perl:2.1.2:::::::*
cpe:2.3:a:perl:perl:2.5.1:::::::*
cpe:2.3:a:perl:perl:2.8.0:::::::*
cpe:2.3:a:perl:perl:2.11.8:::::::*
cpe:2.3:a:perl:perl:0.93:::::::*
cpe:2.3:a:perl:perl:1.31:::::::*
cpe:2.3:a:perl:perl:2.6.5:::::::*
cpe:2.3:a:perl:perl:2.0.0:::::::*
cpe:2.3:a:perl:perl:1.00:::::::*
cpe:2.3:a:perl:perl:2.8.3:::::::*
cpe:2.3:a:perl:perl:0.72:::::::*
cpe:2.3:a:perl:perl:2.2.0:::::::*
cpe:2.3:a:perl:perl:0.92:::::::*
cpe:2.3:a:perl:perl:0.85:::::::*
cpe:2.3:a:perl:perl:2.14.0:::::::*
cpe:2.3:a:perl:perl:1.48:::::::*
cpe:2.3:a:perl:perl:0.70:::::::*
cpe:2.3:a:perl:perl:2.18.0:::::::*