CVE-2012-1151

Severity: Unknown | EPSS: 2.74%

Last modified

CVE-2012-1151 is a vulnerability of currently unknown severity. Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function. EPSS estimates a 2.74% chance of exploitation in the next 30 days.

Description

Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.

Metrics

EPSS Probability: 2.74% (84.3th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Perl | Perl | <= 2.18.1
Perl | Perl | 0.1
Perl | Perl | 0.2
Perl | Perl | 0.3
Perl | Perl | 0.4
Perl | Perl | 0.5
Perl | Perl | 0.52
Perl | Perl | 0.61
Perl | Perl | 0.62
Perl | Perl | 0.63
Perl | Perl | 0.64
Perl | Perl | 0.65
Perl | Perl | 0.66
Perl | Perl | 0.67
Perl | Perl | 0.68
Perl | Perl | 0.69
Perl | Perl | 0.70
Perl | Perl | 0.71
Perl | Perl | 0.72
Perl | Perl | 0.73
Perl | Perl | 0.80
Perl | Perl | 0.81
Perl | Perl | 0.82
Perl | Perl | 0.83
Perl | Perl | 0.84
Perl | Perl | 0.85
Perl | Perl | 0.86
Perl | Perl | 0.87
Perl | Perl | 0.88
Perl | Perl | 0.89
Perl | Perl | 0.90
Perl | Perl | 0.91
Perl | Perl | 0.92
Perl | Perl | 0.93
Perl | Perl | 0.94
Perl | Perl | 0.95
Perl | Perl | 0.96
Perl | Perl | 0.97
Perl | Perl | 0.98
Perl | Perl | 0.99
Perl | Perl | 1.00
Perl | Perl | 1.01
Perl | Perl | 1.20
Perl | Perl | 1.21
Perl | Perl | 1.22
Perl | Perl | 1.31
Perl | Perl | 1.32
Perl | Perl | 1.40
Perl | Perl | 1.41
Perl | Perl | 1.42

Showing 50 of 120 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2012-1151?
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.
How severe is CVE-2012-1151?
Severity scoring for CVE-2012-1151 is pending analysis. The EPSS model estimates a 2.74% probability of exploitation in the next 30 days.
How do I fix CVE-2012-1151?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST