CVE-2009-1341

Description

Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.

Affected products

• Debian / libdbd-pg-perl1.4.9
• Debian / libdbd-pg-perl0.1 – 0.1
• Debian / libdbd-pg-perl0.2 – 0.2
• Debian / libdbd-pg-perl0.3 – 0.3
• Debian / libdbd-pg-perl0.4 – 0.4
• Debian / libdbd-pg-perl0.5 – 0.5
• Debian / libdbd-pg-perl0.51 – 0.51
• Debian / libdbd-pg-perl0.52 – 0.52
• Debian / libdbd-pg-perl0.61 – 0.61
• Debian / libdbd-pg-perl0.62 – 0.62
• Debian / libdbd-pg-perl0.63 – 0.63
• Debian / libdbd-pg-perl0.64 – 0.64
• Debian / libdbd-pg-perl0.65 – 0.65
• Debian / libdbd-pg-perl0.66 – 0.66
• Debian / libdbd-pg-perl0.67 – 0.67
• Debian / libdbd-pg-perl0.68 – 0.68
• Debian / libdbd-pg-perl0.69 – 0.69
• Debian / libdbd-pg-perl0.70 – 0.70
• Debian / libdbd-pg-perl0.71 – 0.71
• Debian / libdbd-pg-perl0.72 – 0.72
• Debian / libdbd-pg-perl0.73 – 0.73
• Debian / libdbd-pg-perl0.80 – 0.80
• Debian / libdbd-pg-perl0.81 – 0.81
• Debian / libdbd-pg-perl0.82 – 0.82
• Debian / libdbd-pg-perl0.83 – 0.83
• Debian / libdbd-pg-perl0.84 – 0.84
• Debian / libdbd-pg-perl0.85 – 0.85
• Debian / libdbd-pg-perl0.86 – 0.86
• Debian / libdbd-pg-perl0.87 – 0.87
• Debian / libdbd-pg-perl0.88 – 0.88
• Debian / libdbd-pg-perl0.89 – 0.89
• Debian / libdbd-pg-perl0.90 – 0.90
• Debian / libdbd-pg-perl0.91 – 0.91
• Debian / libdbd-pg-perl0.92 – 0.92
• Debian / libdbd-pg-perl0.93 – 0.93
• Debian / libdbd-pg-perl0.94 – 0.94
• Debian / libdbd-pg-perl0.95 – 0.95
• Debian / libdbd-pg-perl0.96 – 0.96
• Debian / libdbd-pg-perl0.97 – 0.97
• Debian / libdbd-pg-perl0.98 – 0.98
• Debian / libdbd-pg-perl0.99 – 0.99
• Debian / libdbd-pg-perl1.0.0 – 1.0.0
• Debian / libdbd-pg-perl1.0.1 – 1.0.1
• Debian / libdbd-pg-perl1.2.0 – 1.2.0
• Debian / libdbd-pg-perl1.2.1 – 1.2.1
• Debian / libdbd-pg-perl1.2.2 – 1.2.2
• Debian / libdbd-pg-perl1.3.1 – 1.3.1
• Debian / libdbd-pg-perl1.3.2 – 1.3.2
• Debian / libdbd-pg-perl1.4.0 – 1.4.0
• Debian / libdbd-pg-perl1.4.1 – 1.4.1
• Debian / libdbd-pg-perl1.4.2 – 1.4.2
• Debian / libdbd-pg-perl1.4.3 – 1.4.3
• Debian / libdbd-pg-perl1.4.4 – 1.4.4
• Debian / libdbd-pg-perl1.4.5 – 1.4.5
• Debian / libdbd-pg-perl1.4.6 – 1.4.6
• Debian / libdbd-pg-perl1.4.7 – 1.4.7
• Debian / libdbd-pg-perl1.4.8 – 1.4.8

References

• MISChttp://www.redhat.com/support/errata/RHSA-2009-1067.html
• MISChttp://www.securityfocus.com/bid/34757
• VENDOR_ADVISORYhttp://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz
• MISChttps://launchpad.net/bugs/cve/2009-1341
• VENDOR_ADVISORYhttp://secunia.com/advisories/34909
• MISChttp://www.redhat.com/support/errata/RHSA-2009-0479.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/35685
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9680
• MISChttp://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes
• VENDOR_ADVISORYhttp://www.debian.org/security/2009/dsa-1780
• MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/35058
• MISChttp://rt.cpan.org/Public/Bug/Display.html?id=21392
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/50387