Use of Externally-Controlled Format String
CVE-2012-1151
Summary
Multiple format string vulnerabilities in "dbdimp.c" in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a Denial of Service (process crash) via format string specifiers in (1) a crafted database warning to the "pg_warn" function or (2) a crafted DBD statement to the "dbd_st_prepare" function.
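- Access Complexity: LOW
- Access Vector: NETWORK
- Authentication: NONE
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: PARTIAL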
CWE-134 - Use of Externally-Controlled Format String
The software uses a function that accepts a format string as an argument, but the format string originates from an external source.
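The call shape behind this weakness, as an added C example that is not taken from DBD::Pg's "dbdimp.c": `warn_sink`, `handle_server_warning`, `count_conversions` and `last_logged` are hypothetical names, and the server message is a constructed sample. The unsafe form is shown only in a comment, beside the hardened form that passes server text as data to a constant format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style sink standing in for a warn()-like API. */
static char last_warning[256];

static int warn_sink(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(last_warning, sizeof last_warning, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable shape (CWE-134), kept as a comment so it never runs:
 *     warn_sink(server_msg);
 * Any '%' conversion in server_msg makes the sink fetch arguments
 * that were never passed, which is undefined behaviour. */

/* Hardened shape: constant format, untrusted text passed as data. */
int handle_server_warning(const char *server_msg)
{
    return warn_sink("%s", server_msg);
}

/* Count '%' characters followed by anything other than '%' or the end
 * of the string ("%%" is a literal percent sign). A non-zero result on
 * server-supplied text is worth flagging in logs. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') n++;
    }
    return n;
}

const char *last_logged(void) { return last_warning; }

int main(void)
{
    const char *msg = "NOTICE: relation %s%s skipped"; /* constructed sample */
    handle_server_warning(msg);
    printf("logged: %s\nconversions: %d\n", last_logged(), count_conversions(msg));
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang warn about the commented-out call shape when the format argument is not a string literal.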
Advisory Timeline
- Published