Description
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.
Remediation
References
Related Vulnerabilities
MySQL CVE-2016-0646 Vulnerability (CVE-2016-0646)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-3734)
Nginx Use After Free Vulnerability (CVE-2022-32414)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46243)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8005)