CVE-2014-10402
Summary
| CVE | CVE-2014-10402 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-09-16 16:15:00 UTC |
| Updated | 2022-06-02 14:15:00 UTC |
| Description | An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. |
Risk And Classification
Problem Types: CWE-732
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Bug #99508 for DBI: Tables will erroneously be opened in current folder if f_dir set to a relative path that does not exist | MISC | rt.cpan.org | Exploit, Patch, Third Party Advisory |
| [SECURITY] [DLA 3035-1] libdbi-perl security update | MLIST | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 179336 Debian Security Update for libdbi-perl (DLA 3035-1)
- 198450 Ubuntu Security Notification for Perl DBI module vulnerabilities (USN-5030-1)
- 296108 Oracle Solaris 11.4 Support Repository Update (SRU) 66.164.1 Missing (CPUJAN2024)
- 501989 Alpine Linux Security Update for perl-dbi
- 504279 Alpine Linux Security Update for perl-dbi
- 670585 EulerOS Security Update for perl-DBI (EulerOS-SA-2021-2343)
- 670662 EulerOS Security Update for perl-DBI (EulerOS-SA-2021-2421)
- 671136 EulerOS Security Update for perl-DBI (EulerOS-SA-2021-2605)
- 750545 OpenSUSE Security Update for perl-DBI (openSUSE-SU-2020:2064-1)
- 750554 OpenSUSE Security Update for perl-DBI (openSUSE-SU-2020:2051-1)