All the vulnerabilities related to dbd-mysql_project - dbd-mysql
cve-2016-1249
Vulnerability from cvelistv5
Published
2017-02-16 18:00
Modified
2024-08-05 22:48
Summary
The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression.
References
URL | Tags | |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/11/16/1 | mailing-list, x_refsource_MLIST | |
https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94350 | vdb-entry, x_refsource_BID | |
http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201701-51 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.661Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20161115 CVE-2016-1249: Out-of-bounds read by DBD::mysql \u003e= version 2.9003", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/11/16/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe" }, { "name": "94350", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94350" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes" }, { "name": "GLSA-201701-51", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-51" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-11-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "[oss-security] 20161115 CVE-2016-1249: Out-of-bounds read by DBD::mysql \u003e= version 2.9003", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/11/16/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe" }, { "name": "94350", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94350" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes" }, { "name": "GLSA-201701-51", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-51" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-1249", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20161115 CVE-2016-1249: Out-of-bounds read by DBD::mysql \u003e= version 2.9003", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/11/16/1" }, { "name": "https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe", "refsource": "CONFIRM", "url": "https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe" }, { "name": "94350", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94350" }, { "name": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes", "refsource": "CONFIRM", "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes" }, { "name": "GLSA-201701-51", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-51" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-1249", "datePublished": "2017-02-16T18:00:00", "dateReserved": "2015-12-27T00:00:00", "dateUpdated": "2024-08-05T22:48:13.661Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8949
Vulnerability from cvelistv5
Published
2016-08-19 21:00
Modified
2024-08-06 08:36
Summary
Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.
References
URL | Tags | |
---|---|---|
https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156 | x_refsource_CONFIRM | |
https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html | x_refsource_MISC | |
https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes | x_refsource_CONFIRM | |
https://github.com/perl5-dbi/DBD-mysql/pull/45 | x_refsource_CONFIRM | |
http://www.debian.org/security/2016/dsa-3635 | vendor-advisory, x_refsource_DEBIAN | |
http://www.openwall.com/lists/oss-security/2016/07/27/1 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2016/07/25/13 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/92118 | vdb-entry, x_refsource_BID | |
https://security.gentoo.org/glsa/201701-51 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:36:30.797Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/perl5-dbi/DBD-mysql/pull/45" }, { "name": "DSA-3635", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3635" }, { "name": "[oss-security] 20160726 Re: Use after free in my_login() function of DBD::mysql (Perl module)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/27/1" }, { "name": "[oss-security] 20160725 Use after free in my_login() function of DBD::mysql (Perl module)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/25/13" }, { "name": "92118", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92118" }, { "name": "GLSA-201701-51", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-51" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to 
have unspecified impact by leveraging a call to mysql_errno after a failure of my_login." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/perl5-dbi/DBD-mysql/pull/45" }, { "name": "DSA-3635", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3635" }, { "name": "[oss-security] 20160726 Re: Use after free in my_login() function of DBD::mysql (Perl module)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/27/1" }, { "name": "[oss-security] 20160725 Use after free in my_login() function of DBD::mysql (Perl module)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/25/13" }, { "name": "92118", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92118" }, { "name": "GLSA-201701-51", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-51" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8949", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", 
"data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156", "refsource": "CONFIRM", "url": "https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156" }, { "name": "https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html", "refsource": "MISC", "url": "https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html" }, { "name": "https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes", "refsource": "CONFIRM", "url": "https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes" }, { "name": "https://github.com/perl5-dbi/DBD-mysql/pull/45", "refsource": "CONFIRM", "url": "https://github.com/perl5-dbi/DBD-mysql/pull/45" }, { "name": "DSA-3635", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3635" }, { "name": "[oss-security] 20160726 Re: Use after free in my_login() function of DBD::mysql (Perl module)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/07/27/1" }, { "name": "[oss-security] 20160725 Use after free in my_login() function of DBD::mysql (Perl module)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/07/25/13" }, { "name": "92118", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92118" }, { "name": "GLSA-201701-51", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-51" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8949", "datePublished": "2016-08-19T21:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T08:36:30.797Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10789
Vulnerability from cvelistv5
Published
2017-07-01 18:00
Modified
2024-08-05 17:50
Summary
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/99364 | vdb-entry, x_refsource_BID | |
https://github.com/perl5-dbi/DBD-mysql/issues/140 | x_refsource_MISC | |
https://github.com/perl5-dbi/DBD-mysql/pull/114 | x_refsource_MISC | |
https://github.com/perl5-dbi/DBD-mysql/issues/110 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:50:12.094Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99364", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99364" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/perl5-dbi/DBD-mysql/issues/140" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/perl5-dbi/DBD-mysql/pull/114" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/perl5-dbi/DBD-mysql/issues/110" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-07-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting\u0027s documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "99364", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99364" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/perl5-dbi/DBD-mysql/issues/140" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/perl5-dbi/DBD-mysql/pull/114" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/perl5-dbi/DBD-mysql/issues/110" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-10789", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting\u0027s documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "99364", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99364" }, { "name": "https://github.com/perl5-dbi/DBD-mysql/issues/140", "refsource": "MISC", "url": "https://github.com/perl5-dbi/DBD-mysql/issues/140" }, { "name": "https://github.com/perl5-dbi/DBD-mysql/pull/114", "refsource": "MISC", "url": "https://github.com/perl5-dbi/DBD-mysql/pull/114" }, { "name": "https://github.com/perl5-dbi/DBD-mysql/issues/110", "refsource": "MISC", "url": "https://github.com/perl5-dbi/DBD-mysql/issues/110" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-10789", "datePublished": "2017-07-01T18:00:00", "dateReserved": "2017-07-01T00:00:00", "dateUpdated": "2024-08-05T17:50:12.094Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9906
Vulnerability from cvelistv5
Published
2016-08-19 21:00
Modified
2024-08-06 14:02
Summary
Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.
References
URL | Tags | |
---|---|---|
https://rt.cpan.org/Public/Bug/Display.html?id=97625 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2016/07/27/5 | mailing-list, x_refsource_MLIST | |
https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2016/07/27/6 | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2016/dsa-3635 | vendor-advisory, x_refsource_DEBIAN | |
http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/92149 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:02:36.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=97625" }, { "name": "[oss-security] 20160727 CVE Request: DBD-mysql: use-after-free in mysql_dr_error", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/27/5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc" }, { "name": "[oss-security] 20160727 Re: CVE Request: DBD-mysql: use-after-free in mysql_dr_error", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/27/6" }, { "name": "DSA-3635", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3635" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog" }, { "name": "92149", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92149" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=97625" }, { "name": "[oss-security] 20160727 CVE Request: DBD-mysql: use-after-free in mysql_dr_error", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/27/5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc" }, { "name": "[oss-security] 20160727 Re: CVE Request: DBD-mysql: use-after-free in mysql_dr_error", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/27/6" }, { "name": "DSA-3635", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3635" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog" }, { "name": "92149", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92149" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2014-9906", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://rt.cpan.org/Public/Bug/Display.html?id=97625", "refsource": "CONFIRM", "url": "https://rt.cpan.org/Public/Bug/Display.html?id=97625" }, { "name": "[oss-security] 20160727 CVE Request: DBD-mysql: use-after-free in mysql_dr_error", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/07/27/5" }, { "name": "https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc", "refsource": "CONFIRM", "url": "https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc" }, { "name": "[oss-security] 20160727 Re: CVE Request: DBD-mysql: use-after-free in mysql_dr_error", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/07/27/6" }, { "name": "DSA-3635", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3635" }, { "name": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog", "refsource": "CONFIRM", "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog" }, { "name": "92149", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92149" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2014-9906", "datePublished": "2016-08-19T21:00:00", "dateReserved": "2016-07-27T00:00:00", "dateUpdated": "2024-08-06T14:02:36.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1246
Vulnerability from cvelistv5
Published
2016-10-05 16:00
Modified
2024-08-05 22:48
Summary
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
References
URL | Tags | |
---|---|---|
http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html | x_refsource_CONFIRM | |
https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/93337 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2016/dsa-3684 | vendor-advisory, x_refsource_DEBIAN | |
https://security.gentoo.org/glsa/201701-51 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.670Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2" }, { "name": "93337", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93337" }, { "name": "DSA-3684", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3684" }, { "name": "GLSA-201701-51", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-51" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2" }, { "name": "93337", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93337" }, { "name": "DSA-3684", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3684" }, { "name": "GLSA-201701-51", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-51" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-1246", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html", "refsource": "CONFIRM", "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html" }, { "name": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2", "refsource": "CONFIRM", "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2" }, { "name": "93337", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93337" }, { "name": "DSA-3684", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3684" }, { "name": "GLSA-201701-51", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-51" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-1246", "datePublished": "2016-10-05T16:00:00", "dateReserved": "2015-12-27T00:00:00", "dateUpdated": "2024-08-05T22:48:13.670Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10788
Vulnerability from cvelistv5
Published
2017-07-01 18:00
Modified
2024-08-05 17:50
Summary
The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.
References
URL | Tags | |
---|---|---|
http://seclists.org/oss-sec/2017/q2/443 | x_refsource_MISC | |
https://github.com/perl5-dbi/DBD-mysql/issues/120 | x_refsource_MISC | |
http://www.securityfocus.com/bid/99374 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:50:11.845Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/oss-sec/2017/q2/443" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/perl5-dbi/DBD-mysql/issues/120" }, { "name": "99374", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99374" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-07-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/oss-sec/2017/q2/443" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/perl5-dbi/DBD-mysql/issues/120" }, { "name": "99374", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99374" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-10788", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://seclists.org/oss-sec/2017/q2/443", "refsource": "MISC", "url": "http://seclists.org/oss-sec/2017/q2/443" }, { "name": "https://github.com/perl5-dbi/DBD-mysql/issues/120", "refsource": "MISC", "url": "https://github.com/perl5-dbi/DBD-mysql/issues/120" }, { "name": "99374", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99374" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-10788", "datePublished": "2017-07-01T18:00:00", "dateReserved": "2017-07-01T00:00:00", "dateUpdated": "2024-08-05T17:50:11.845Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1251
Vulnerability from cvelistv5
Published
2016-11-29 20:00
Modified
2024-08-05 22:48
Severity ?
EPSS score ?
Summary
There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.
References
URL | Tags | |
---|---|---|
https://tracker.debian.org/news/819888 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2016/11/28/2 | x_refsource_CONFIRM | |
https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94573 | vdb-entry, x_refsource_BID | |
https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201701-51 | vendor-advisory, x_refsource_GENTOO |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
n/a | DBD::mysql before 4.041 | DBD::mysql before 4.041 | |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.671Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tracker.debian.org/news/819888" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/11/28/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1" }, { "name": "94573", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94573" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1" }, { "name": "GLSA-201701-51", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-51" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DBD::mysql before 4.041", "vendor": "n/a", "versions": [ { "status": "affected", "version": "DBD::mysql before 4.041" } ] } ], "datePublic": "2016-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1." 
} ], "problemTypes": [ { "descriptions": [ { "description": "use after free", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tracker.debian.org/news/819888" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openwall.com/lists/oss-security/2016/11/28/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1" }, { "name": "94573", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94573" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1" }, { "name": "GLSA-201701-51", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-51" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-1251", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DBD::mysql before 4.041", "version": { "version_data": [ { "version_value": "DBD::mysql before 4.041" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "use after free" } ] } ] }, "references": { "reference_data": [ { "name": "https://tracker.debian.org/news/819888", "refsource": "CONFIRM", "url": "https://tracker.debian.org/news/819888" }, { "name": "http://www.openwall.com/lists/oss-security/2016/11/28/2", "refsource": "CONFIRM", "url": "http://www.openwall.com/lists/oss-security/2016/11/28/2" }, { "name": "https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1", "refsource": "CONFIRM", "url": "https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1" }, { "name": "94573", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94573" }, { "name": "https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1", "refsource": "CONFIRM", "url": "https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1" }, { "name": "GLSA-201701-51", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-51" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-1251", "datePublished": "2016-11-29T20:00:00", "dateReserved": "2015-12-27T00:00:00", "dateUpdated": "2024-08-05T22:48:13.671Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-1251
Vulnerability from fkie_nvd
Published
2016-11-29 20:59
Modified
2024-11-21 02:46
Severity ?
Summary
There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0000_0:*:*:*:*:*:*:*", "matchCriteriaId": "1A5D59D2-7D0E-41D7-B15C-D412716F1662", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0001_1:*:*:*:*:*:*:*", "matchCriteriaId": "06E53A50-7658-4BF4-B3BB-014D4D00CD56", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0001_2:*:*:*:*:*:*:*", "matchCriteriaId": "D3D81109-EDB9-47D4-B0CC-A71195A39709", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0001_3:*:*:*:*:*:*:*", "matchCriteriaId": "5CA33576-D1DF-4106-9929-C2482D6C2034", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0002_1:*:*:*:*:*:*:*", "matchCriteriaId": "1D97E779-B23A-432C-B832-1DCBB99B4A72", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0002_2:*:*:*:*:*:*:*", "matchCriteriaId": "9CF388AF-E0B9-471D-91D5-7840CD009B35", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0002_3:*:*:*:*:*:*:*", "matchCriteriaId": "570B852E-1CD8-4671-84A8-5414CE3E6773", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0002_4:*:*:*:*:*:*:*", "matchCriteriaId": "B934765F-4B26-42E1-A7C7-6AF3C1D390DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0002_5:*:*:*:*:*:*:*", "matchCriteriaId": "AB6F3F92-EC7E-4AD7-A497-364B938E915A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0003_1:*:*:*:*:*:*:*", "matchCriteriaId": "DFCBD8B5-4144-4F6F-BC0D-491D7BA17857", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0004_1:*:*:*:*:*:*:*", "matchCriteriaId": "36F3476F-0ED2-4196-ADEC-6D611172E055", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0005:*:*:*:*:*:*:*", "matchCriteriaId": "F454E8C5-E326-4413-9CE6-B4E222C3F5A4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0005_1:*:*:*:*:*:*:*", "matchCriteriaId": "FE670AC4-0B5F-4700-94D9-B4F948A4A710", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0007_2:*:*:*:*:*:*:*", "matchCriteriaId": "F7A3EBB4-E5BF-4D2E-A03D-CF616205A667", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0008_1:*:*:*:*:*:*:*", "matchCriteriaId": "57376B91-8F48-42A6-9E13-2B05499F6CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0009_1:*:*:*:*:*:*:*", "matchCriteriaId": "8522692F-F52D-4542-A742-C10864F9D382", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.00:*:*:*:*:*:*:*", "matchCriteriaId": "47DA41EC-4385-4393-8778-C8CABCE9B17D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.001:*:*:*:*:*:*:*", "matchCriteriaId": "4E0E72A6-B0EC-4DCF-A1DC-846D559530BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.002:*:*:*:*:*:*:*", "matchCriteriaId": "BF762FDD-0958-42D8-9180-7263D1710179", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.003:*:*:*:*:*:*:*", "matchCriteriaId": "F6A29C41-B868-4D66-86FD-39AA932582ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.004:*:*:*:*:*:*:*", "matchCriteriaId": "30DE9498-ECA5-4817-9E9D-5BF6F28E0B97", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.005:*:*:*:*:*:*:*", "matchCriteriaId": "D889E422-F557-457C-9B40-DDAAF0C36F58", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.006:*:*:*:*:*:*:*", "matchCriteriaId": "9421E26B-0B67-451E-BFB3-754616C72581", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.007:*:*:*:*:*:*:*", "matchCriteriaId": "C71E399D-BDF6-4CF2-B94A-C3CF5057A478", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.008:*:*:*:*:*:*:*", "matchCriteriaId": 
"57096741-346E-425D-B6A4-D6B85670B67F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.009:*:*:*:*:*:*:*", "matchCriteriaId": "F9728447-CD4B-4446-B639-DECFF61698D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.010:*:*:*:*:*:*:*", "matchCriteriaId": "C2F3B551-B0F3-421B-993E-0FA5A93FFA26", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.011:*:*:*:*:*:*:*", "matchCriteriaId": "C62B9D09-B9F2-4A8D-8961-67CFEBE5A8A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.012:*:*:*:*:*:*:*", "matchCriteriaId": "7E633E4C-5A1D-4F71-A9EB-98FAD8B7A6C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.013:*:*:*:*:*:*:*", "matchCriteriaId": "FA41340C-395A-4340-83EE-DF5DB2C6E7B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.014:*:*:*:*:*:*:*", "matchCriteriaId": "A213F4F9-7117-4E26-8E54-D4EEB992CADC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.015:*:*:*:*:*:*:*", "matchCriteriaId": "E9870F6F-F5E4-4CF4-BD36-B852E9DF2BF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.016:*:*:*:*:*:*:*", "matchCriteriaId": "6D9AB8C1-C8AB-4B8E-994A-C326DBAA0E8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.017:*:*:*:*:*:*:*", "matchCriteriaId": "C79BED25-D6C7-49B5-B259-CE85958E699D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.018:*:*:*:*:*:*:*", "matchCriteriaId": "DA2E8485-0016-418E-93D4-B966723BE7F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.019:*:*:*:*:*:*:*", "matchCriteriaId": "BCB87D62-FE94-4ED2-9A40-CCD66E0D4FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.020:*:*:*:*:*:*:*", "matchCriteriaId": "722F41AF-A845-48B1-8369-C237802B0F75", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.021:*:*:*:*:*:*:*", "matchCriteriaId": "3A030DC2-0339-46A8-812E-14462645A19A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.022:*:*:*:*:*:*:*", "matchCriteriaId": "BF8092DC-4917-49AA-8F14-298D074CA0F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.023:*:*:*:*:*:*:*", "matchCriteriaId": "BBA7D382-C3CF-4708-878B-43A7A29775DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.024:*:*:*:*:*:*:*", "matchCriteriaId": "8E6471E7-B024-4DA2-80DA-4DD4596D21F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.025:*:*:*:*:*:*:*", "matchCriteriaId": "75B893A9-DD2E-4EA1-AA60-CE8CE06731A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.026:*:*:*:*:*:*:*", "matchCriteriaId": "6B9464F0-7DF4-4807-8995-FAC8186CE250", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.027:*:*:*:*:*:*:*", "matchCriteriaId": "F39AD7FA-24A5-4BF3-A4F5-7F1A286DE9B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.028:*:*:*:*:*:*:*", "matchCriteriaId": "7CB93BC1-3D5E-4383-8A53-5B9F8377B6EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.029:*:*:*:*:*:*:*", "matchCriteriaId": "9FC53E73-4B33-4AFD-8AA2-D660C6D4C24F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.030_01:*:*:*:*:*:*:*", "matchCriteriaId": "BA37141F-F70B-4C27-A2B5-18D0F41C95B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.030_02:*:*:*:*:*:*:*", "matchCriteriaId": "DC2D4C74-0A14-400F-8C7A-BB2277FDD9AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.031:*:*:*:*:*:*:*", "matchCriteriaId": "4B7ED4CE-1576-4B7A-85E5-17A8EC23842B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.032:*:*:*:*:*:*:*", "matchCriteriaId": "F06CB782-ED43-4921-A539-4B4594600C01", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.032_01:*:*:*:*:*:*:*", "matchCriteriaId": "D4FE24CE-C089-4E93-819B-3C1877611B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.032_02:*:*:*:*:*:*:*", "matchCriteriaId": "78BAFED8-F273-4A1C-8DE1-26B689CB9EFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.032_03:*:*:*:*:*:*:*", "matchCriteriaId": "42F8A84B-C606-4082-86B1-2088DE9A03D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.033:*:*:*:*:*:*:*", "matchCriteriaId": "855C6840-C1EF-4112-B3C9-6B742D593EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.033_01:*:*:*:*:*:*:*", "matchCriteriaId": "A613F823-D304-4C51-B904-2918E566CAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.033_02:*:*:*:*:*:*:*", "matchCriteriaId": "A5A5607D-8AC4-44F5-B99A-B60ADF2E7EDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.033_03:*:*:*:*:*:*:*", "matchCriteriaId": "F283A26E-C7A8-4CD8-97B1-E42D2E5B752D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.034:*:*:*:*:*:*:*", "matchCriteriaId": "5CB4FD17-2403-4706-8587-7B5014CBFA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.035:*:*:*:*:*:*:*", "matchCriteriaId": "49162A04-1D50-492E-82E4-4182E3D19462", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.035_01:*:*:*:*:*:*:*", "matchCriteriaId": "7E489128-1686-4158-9E50-98BD316C8346", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.035_02:*:*:*:*:*:*:*", "matchCriteriaId": "A527AB84-A00B-485B-BE46-8A108FC2FFB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.035_03:*:*:*:*:*:*:*", "matchCriteriaId": "819AFBF6-DF4E-4230-99EF-2284068392A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.036:*:*:*:*:*:*:*", 
"matchCriteriaId": "D10258EC-F083-48A6-BAC9-BBB5F0266D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.037:*:*:*:*:*:*:*", "matchCriteriaId": "21982316-2511-4BD4-9B83-8E29BDBF6AF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.037_01:*:*:*:*:*:*:*", "matchCriteriaId": "79851BA3-BB2C-4486-A58F-86208720DAD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.038:*:*:*:*:*:*:*", "matchCriteriaId": "7196E24B-8019-446E-AC48-A536DBE99888", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.038_01:*:*:*:*:*:*:*", "matchCriteriaId": "A52005E5-87BE-4668-AD83-040BFB30AF77", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.039:*:*:*:*:*:*:*", "matchCriteriaId": "0E8C2A12-41F9-4D12-A278-FB32E45B7FE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.040:*:*:*:*:*:*:*", "matchCriteriaId": "0DEF0815-D607-47F9-AE72-6ACB20C4C46B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1." }, { "lang": "es", "value": "Existe una vulnerabilidad de tipo uso despu\u00e9s de liberaci\u00f3n de memoria afectando a DBD::mysql (tambi\u00e9n conocido como DBD-mysql o el controlador Database Interface (DBI) MySQL para Perl) 3.x y 4.x en versiones anteriores a 4.041 cuando se usa con mysql_server_prepare=1." 
} ], "id": "CVE-2016-1251", "lastModified": "2024-11-21T02:46:02.287", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-11-29T20:59:00.170", "references": [ { "source": "security@debian.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/11/28/2" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94573" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1" }, { "source": "security@debian.org", "url": 
"https://security.gentoo.org/glsa/201701-51" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://tracker.debian.org/news/819888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/11/28/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94573" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-51" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://tracker.debian.org/news/819888" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2014-9906
Vulnerability from fkie_nvd
Published
2016-08-19 21:59
Modified
2024-11-21 02:21
Severity ?
Summary
Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 8.0 | |
dbd-mysql_project | dbd-mysql | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "11802C6C-236E-4C5F-B56D-82B6CE2AF2C5", "versionEndIncluding": "4.028", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection." }, { "lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en DBD::mysql en versiones anteriores a 4.029 permite a atacantes provocar una denegaci\u00f3n de servicio (ca\u00edda del programa) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con una conexi\u00f3n de servidor perdida." 
} ], "id": "CVE-2014-9906", "lastModified": "2024-11-21T02:21:56.853", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-08-19T21:59:00.133", "references": [ { "source": "security@debian.org", "tags": [ "Release Notes" ], "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3635" }, { "source": "security@debian.org", "tags": [ "Mailing List", "VDB Entry" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/27/5" }, { "source": "security@debian.org", "tags": [ "Mailing List", "VDB Entry" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/27/6" }, { "source": "security@debian.org", "url": "http://www.securityfocus.com/bid/92149" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Patch" ], "url": 
"https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc" }, { "source": "security@debian.org", "tags": [ "Issue Tracking" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=97625" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3635" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "VDB Entry" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/27/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "VDB Entry" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/27/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92149" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=97625" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2015-8949
Vulnerability from fkie_nvd
Published
2016-08-19 21:59
Modified
2024-11-21 02:39
Severity ?
Summary
Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dbd-mysql_project | dbd-mysql | 4.033 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.033:*:*:*:*:*:*:*", "matchCriteriaId": "855C6840-C1EF-4112-B3C9-6B742D593EBA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login." }, { "lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en la funci\u00f3n my_login en DBD::mysql en versiones anteriores a 4.033_01 permite a atacantes tener impacto no especificado aprovechando una llamada a mysql_errno desp\u00faes de un fallo de my_login." } ], "id": "CVE-2015-8949", "lastModified": "2024-11-21T02:39:31.243", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, 
"exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-08-19T21:59:02.260", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3635" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/25/13" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/27/1" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/92118" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/perl5-dbi/DBD-mysql/pull/45" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201701-51" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3635" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/25/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/27/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92118" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Third Party Advisory" ], "url": "https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/perl5-dbi/DBD-mysql/pull/45" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-51" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-01 18:29
Modified
2024-11-21 03:06
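Severity: CRITICAL (CVSS 3.0 base score 9.8, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; source nvd@nist.gov)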
Summary
The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://seclists.org/oss-sec/2017/q2/443 | Mailing List, VDB Entry | |
cve@mitre.org | http://www.securityfocus.com/bid/99374 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/perl5-dbi/DBD-mysql/issues/120 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2017/q2/443 | Mailing List, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99374 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/perl5-dbi/DBD-mysql/issues/120 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dbd-mysql_project | dbd-mysql | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "B381B18D-5C6F-4805-ABE8-7C07E39EC1F2", "versionEndIncluding": "4.043", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples." }, { "lang": "es", "value": "El m\u00f3dulo DBD::mysql hasta la versi\u00f3n 4.043 para Perl, permite a atacantes remotos causar una denegaci\u00f3n de servicio (uso de la memoria previamente liberada y bloqueo de la aplicaci\u00f3n) o posiblemente tener otro impacto no especificado mediante el desencadenamiento de (1) ciertas respuestas de error de un servidor MySQL o (2) una p\u00e9rdida de una conexi\u00f3n red en un servidor MySQL. El fallo de uso de la memoria previamente liberada se introdujo por confiar en la documentaci\u00f3n inapropiada de mysql_stmt_close de Oracle y ejemplos de c\u00f3digo."
} ], "id": "CVE-2017-10788", "lastModified": "2024-11-21T03:06:29.867", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-01T18:29:00.190", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "VDB Entry" ], "url": "http://seclists.org/oss-sec/2017/q2/443" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99374" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/perl5-dbi/DBD-mysql/issues/120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "VDB Entry" ], "url": "http://seclists.org/oss-sec/2017/q2/443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://github.com/perl5-dbi/DBD-mysql/issues/120" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-01 18:29
Modified
2024-11-21 03:06
Severity: MEDIUM (CVSS 3.0 base score 5.9, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N; source nvd@nist.gov)
Summary
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/99364 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/perl5-dbi/DBD-mysql/issues/110 | Third Party Advisory | |
cve@mitre.org | https://github.com/perl5-dbi/DBD-mysql/issues/140 | ||
cve@mitre.org | https://github.com/perl5-dbi/DBD-mysql/pull/114 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99364 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/perl5-dbi/DBD-mysql/issues/110 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/perl5-dbi/DBD-mysql/issues/140 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/perl5-dbi/DBD-mysql/pull/114 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dbd-mysql_project | dbd-mysql | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "B381B18D-5C6F-4805-ABE8-7C07E39EC1F2", "versionEndIncluding": "4.043", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting\u0027s documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152." }, { "lang": "es", "value": "El m\u00f3dulo DBD::mysql hasta la versi\u00f3n 4.043 para Perl, usa la configuraci\u00f3n mysql_ssl=1 para definir que SSL es opcional (aunque la documentaci\u00f3n de esta configuraci\u00f3n tiene una instrucci\u00f3n \"your communication with the server will be encrypted\"), lo que permite a atacantes de tipo man-in-the-middle suplantar servidores por medio de un ataque de degradaci\u00f3n de texto sin cifrar, un problema relacionado con el CVE-2015-3152." 
} ], "id": "CVE-2017-10789", "lastModified": "2024-11-21T03:06:30.020", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-01T18:29:00.237", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99364" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/perl5-dbi/DBD-mysql/issues/110" }, { "source": "cve@mitre.org", "url": "https://github.com/perl5-dbi/DBD-mysql/issues/140" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/perl5-dbi/DBD-mysql/pull/114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/perl5-dbi/DBD-mysql/issues/110" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/perl5-dbi/DBD-mysql/issues/140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/perl5-dbi/DBD-mysql/pull/114" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-17 02:59
Modified
2024-11-21 02:46
Severity: MEDIUM (CVSS 3.0 base score 5.9, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H; source nvd@nist.gov)
Summary
The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dbd-mysql_project | dbd-mysql | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "C776DED8-B178-4AAA-9A14-23FBA456A3BB", "versionEndIncluding": "4.038_01", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression." }, { "lang": "es", "value": "El m\u00f3dulo DBD::mysql en versiones anteriores a 4.039 para Perl, cuando se utiliza el soporte de sentencia preparada en el servidor, permite a atacantes provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de vectores que implican un n\u00famero no alineado de marcadores de posici\u00f3n en la condici\u00f3n WHERE y campos de salida en expresi\u00f3n SELECT." 
} ], "id": "CVE-2016-1249", "lastModified": "2024-11-21T02:46:02.163", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-17T02:59:10.780", "references": [ { "source": "security@debian.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Mitigation", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/11/16/1" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94350" }, { "source": "security@debian.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe" }, { "source": "security@debian.org", "url": "https://security.gentoo.org/glsa/201701-51" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Release Notes", "Vendor Advisory" ], "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Mitigation", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/11/16/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-51" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-10-05 16:59
Modified
2024-11-21 02:46
Severity: HIGH (CVSS 3.0 base score 7.5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; source nvd@nist.gov)
Summary
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dbd-mysql_project | dbd-mysql | * | |
perl | perl | * | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "0475EE55-6499-48C9-9B0C-0E0A37C0E677", "versionEndIncluding": "4.036", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB490BCA-8592-4324-BCE3-396BFD647D5E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en el m\u00f3dulo DBD::mysql en versiones anteriores a 4.037 para Perl permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de vectores relacionados con un mensaje de error." 
} ], "id": "CVE-2016-1246", "lastModified": "2024-11-21T02:46:01.783", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-10-05T16:59:00.243", "references": [ { "source": "security@debian.org", "tags": [ "Third Party Advisory", "Vendor Advisory" ], "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3684" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93337" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2" }, { "source": "security@debian.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://security.gentoo.org/glsa/201701-51" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "Vendor Advisory" ], "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://security.gentoo.org/glsa/201701-51" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }