Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    14 vulnerabilities by dbd-mysql_project

    CVE-2017-10789 (GCVE-0-2017-10789)

    Vulnerability from nvd – Published: 2017-07-01 18:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2017-07-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.094Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "99364",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99364"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/issues/140"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/pull/114"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/issues/110"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-07-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting\u0027s documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-17T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "99364",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99364"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/issues/140"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/pull/114"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/issues/110"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-10789",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting\u0027s documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "99364",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99364"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/issues/140",
                  "refsource": "MISC",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/issues/140"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/pull/114",
                  "refsource": "MISC",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/pull/114"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/issues/110",
                  "refsource": "MISC",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/issues/110"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-10789",
        "datePublished": "2017-07-01T18:00:00.000Z",
        "dateReserved": "2017-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.094Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10788 (GCVE-0-2017-10788)

    Vulnerability from nvd – Published: 2017-07-01 18:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-07-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:11.845Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2017/q2/443"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/issues/120"
              },
              {
                "name": "99374",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99374"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-07-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-04T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://seclists.org/oss-sec/2017/q2/443"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/issues/120"
            },
            {
              "name": "99374",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99374"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-10788",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://seclists.org/oss-sec/2017/q2/443",
                  "refsource": "MISC",
                  "url": "http://seclists.org/oss-sec/2017/q2/443"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/issues/120",
                  "refsource": "MISC",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/issues/120"
                },
                {
                  "name": "99374",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99374"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-10788",
        "datePublished": "2017-07-01T18:00:00.000Z",
        "dateReserved": "2017-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:11.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1249 (GCVE-0-2016-1249)

    Vulnerability from nvd – Published: 2017-02-16 18:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20161115 CVE-2016-1249: Out-of-bounds read by DBD::mysql \u003e= version 2.9003",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/11/16/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe"
              },
              {
                "name": "94350",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94350"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes"
              },
              {
                "name": "GLSA-201701-51",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-51"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-30T16:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "[oss-security] 20161115 CVE-2016-1249: Out-of-bounds read by DBD::mysql \u003e= version 2.9003",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/11/16/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe"
            },
            {
              "name": "94350",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94350"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes"
            },
            {
              "name": "GLSA-201701-51",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-51"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2016-1249",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20161115 CVE-2016-1249: Out-of-bounds read by DBD::mysql \u003e= version 2.9003",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/11/16/1"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe"
                },
                {
                  "name": "94350",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94350"
                },
                {
                  "name": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes",
                  "refsource": "CONFIRM",
                  "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes"
                },
                {
                  "name": "GLSA-201701-51",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-51"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2016-1249",
        "datePublished": "2017-02-16T18:00:00.000Z",
        "dateReserved": "2015-12-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1251 (GCVE-0-2016-1251)

    Vulnerability from nvd – Published: 2016-11-29 20:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.
    Severity
    No CVSS data available.
    CWE
    • use after free
    Assigner
    Impacted products
    Vendor Product Version
    n/a DBD::mysql before 4.041 Affected: DBD::mysql before 4.041
    Date Public
    2016-11-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tracker.debian.org/news/819888"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/11/28/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1"
              },
              {
                "name": "94573",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94573"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1"
              },
              {
                "name": "GLSA-201701-51",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-51"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DBD::mysql before 4.041",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "DBD::mysql before 4.041"
                }
              ]
            }
          ],
          "datePublic": "2016-11-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-30T16:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tracker.debian.org/news/819888"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/11/28/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1"
            },
            {
              "name": "94573",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94573"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1"
            },
            {
              "name": "GLSA-201701-51",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-51"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2016-1251",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "DBD::mysql before 4.041",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "DBD::mysql before 4.041"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "use after free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tracker.debian.org/news/819888",
                  "refsource": "CONFIRM",
                  "url": "https://tracker.debian.org/news/819888"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2016/11/28/2",
                  "refsource": "CONFIRM",
                  "url": "http://www.openwall.com/lists/oss-security/2016/11/28/2"
                },
                {
                  "name": "https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1",
                  "refsource": "CONFIRM",
                  "url": "https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1"
                },
                {
                  "name": "94573",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94573"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1"
                },
                {
                  "name": "GLSA-201701-51",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-51"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2016-1251",
        "datePublished": "2016-11-29T20:00:00.000Z",
        "dateReserved": "2015-12-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1246 (GCVE-0-2016-1246)

    Vulnerability from nvd – Published: 2016-10-05 16:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-10-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.670Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2"
              },
              {
                "name": "93337",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93337"
              },
              {
                "name": "DSA-3684",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3684"
              },
              {
                "name": "GLSA-201701-51",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-51"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-30T16:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2"
            },
            {
              "name": "93337",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93337"
            },
            {
              "name": "DSA-3684",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3684"
            },
            {
              "name": "GLSA-201701-51",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-51"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2016-1246",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2"
                },
                {
                  "name": "93337",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93337"
                },
                {
                  "name": "DSA-3684",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3684"
                },
                {
                  "name": "GLSA-201701-51",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-51"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2016-1246",
        "datePublished": "2016-10-05T16:00:00.000Z",
        "dateReserved": "2015-12-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-8949 (GCVE-0-2015-8949)

    Vulnerability from nvd – Published: 2016-08-19 21:00 – Updated: 2024-08-06 08:36
    VLAI
    Summary
    Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-12-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:36:30.797Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/pull/45"
              },
              {
                "name": "DSA-3635",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3635"
              },
              {
                "name": "[oss-security] 20160726 Re: Use after free in my_login() function of DBD::mysql (Perl module)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/07/27/1"
              },
              {
                "name": "[oss-security] 20160725 Use after free in my_login() function of DBD::mysql (Perl module)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/07/25/13"
              },
              {
                "name": "92118",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/92118"
              },
              {
                "name": "GLSA-201701-51",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-51"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-30T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/pull/45"
            },
            {
              "name": "DSA-3635",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3635"
            },
            {
              "name": "[oss-security] 20160726 Re: Use after free in my_login() function of DBD::mysql (Perl module)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/27/1"
            },
            {
              "name": "[oss-security] 20160725 Use after free in my_login() function of DBD::mysql (Perl module)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/25/13"
            },
            {
              "name": "92118",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/92118"
            },
            {
              "name": "GLSA-201701-51",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-51"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-8949",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156"
                },
                {
                  "name": "https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html",
                  "refsource": "MISC",
                  "url": "https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/pull/45",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/pull/45"
                },
                {
                  "name": "DSA-3635",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3635"
                },
                {
                  "name": "[oss-security] 20160726 Re: Use after free in my_login() function of DBD::mysql (Perl module)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/07/27/1"
                },
                {
                  "name": "[oss-security] 20160725 Use after free in my_login() function of DBD::mysql (Perl module)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/07/25/13"
                },
                {
                  "name": "92118",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/92118"
                },
                {
                  "name": "GLSA-201701-51",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-51"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-8949",
        "datePublished": "2016-08-19T21:00:00.000Z",
        "dateReserved": "2016-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:36:30.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9906 (GCVE-0-2014-9906)

    Vulnerability from nvd – Published: 2016-08-19 21:00 – Updated: 2024-08-06 14:02
    VLAI
    Summary
    Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:02:36.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://rt.cpan.org/Public/Bug/Display.html?id=97625"
              },
              {
                "name": "[oss-security] 20160727 CVE Request: DBD-mysql: use-after-free in mysql_dr_error",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/07/27/5"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc"
              },
              {
                "name": "[oss-security] 20160727 Re: CVE Request: DBD-mysql: use-after-free in mysql_dr_error",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/07/27/6"
              },
              {
                "name": "DSA-3635",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3635"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog"
              },
              {
                "name": "92149",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/92149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T19:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://rt.cpan.org/Public/Bug/Display.html?id=97625"
            },
            {
              "name": "[oss-security] 20160727 CVE Request: DBD-mysql: use-after-free in mysql_dr_error",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/27/5"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc"
            },
            {
              "name": "[oss-security] 20160727 Re: CVE Request: DBD-mysql: use-after-free in mysql_dr_error",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/27/6"
            },
            {
              "name": "DSA-3635",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3635"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog"
            },
            {
              "name": "92149",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/92149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2014-9906",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://rt.cpan.org/Public/Bug/Display.html?id=97625",
                  "refsource": "CONFIRM",
                  "url": "https://rt.cpan.org/Public/Bug/Display.html?id=97625"
                },
                {
                  "name": "[oss-security] 20160727 CVE Request: DBD-mysql: use-after-free in mysql_dr_error",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/07/27/5"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc"
                },
                {
                  "name": "[oss-security] 20160727 Re: CVE Request: DBD-mysql: use-after-free in mysql_dr_error",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/07/27/6"
                },
                {
                  "name": "DSA-3635",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3635"
                },
                {
                  "name": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog",
                  "refsource": "CONFIRM",
                  "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog"
                },
                {
                  "name": "92149",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/92149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2014-9906",
        "datePublished": "2016-08-19T21:00:00.000Z",
        "dateReserved": "2016-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-06T14:02:36.579Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10789 (GCVE-0-2017-10789)

    Vulnerability from cvelistv5 – Published: 2017-07-01 18:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2017-07-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.094Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "99364",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99364"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/issues/140"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/pull/114"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/issues/110"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-07-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting\u0027s documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-17T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "99364",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99364"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/issues/140"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/pull/114"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/issues/110"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-10789",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting\u0027s documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "99364",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99364"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/issues/140",
                  "refsource": "MISC",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/issues/140"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/pull/114",
                  "refsource": "MISC",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/pull/114"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/issues/110",
                  "refsource": "MISC",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/issues/110"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-10789",
        "datePublished": "2017-07-01T18:00:00.000Z",
        "dateReserved": "2017-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.094Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10788 (GCVE-0-2017-10788)

    Vulnerability from cvelistv5 – Published: 2017-07-01 18:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-07-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:11.845Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2017/q2/443"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/issues/120"
              },
              {
                "name": "99374",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99374"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-07-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-04T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://seclists.org/oss-sec/2017/q2/443"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/issues/120"
            },
            {
              "name": "99374",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99374"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-10788",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://seclists.org/oss-sec/2017/q2/443",
                  "refsource": "MISC",
                  "url": "http://seclists.org/oss-sec/2017/q2/443"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/issues/120",
                  "refsource": "MISC",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/issues/120"
                },
                {
                  "name": "99374",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99374"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-10788",
        "datePublished": "2017-07-01T18:00:00.000Z",
        "dateReserved": "2017-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:11.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1249 (GCVE-0-2016-1249)

    Vulnerability from cvelistv5 – Published: 2017-02-16 18:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20161115 CVE-2016-1249: Out-of-bounds read by DBD::mysql \u003e= version 2.9003",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/11/16/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe"
              },
              {
                "name": "94350",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94350"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes"
              },
              {
                "name": "GLSA-201701-51",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-51"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-30T16:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "[oss-security] 20161115 CVE-2016-1249: Out-of-bounds read by DBD::mysql \u003e= version 2.9003",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/11/16/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe"
            },
            {
              "name": "94350",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94350"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes"
            },
            {
              "name": "GLSA-201701-51",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-51"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2016-1249",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20161115 CVE-2016-1249: Out-of-bounds read by DBD::mysql \u003e= version 2.9003",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/11/16/1"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe"
                },
                {
                  "name": "94350",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94350"
                },
                {
                  "name": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes",
                  "refsource": "CONFIRM",
                  "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes"
                },
                {
                  "name": "GLSA-201701-51",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-51"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2016-1249",
        "datePublished": "2017-02-16T18:00:00.000Z",
        "dateReserved": "2015-12-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1251 (GCVE-0-2016-1251)

    Vulnerability from cvelistv5 – Published: 2016-11-29 20:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.
    Severity
    No CVSS data available.
    CWE
    • use after free
    Assigner
    Impacted products
    Vendor Product Version
    n/a DBD::mysql before 4.041 Affected: DBD::mysql before 4.041
    Date Public
    2016-11-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tracker.debian.org/news/819888"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/11/28/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1"
              },
              {
                "name": "94573",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94573"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1"
              },
              {
                "name": "GLSA-201701-51",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-51"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DBD::mysql before 4.041",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "DBD::mysql before 4.041"
                }
              ]
            }
          ],
          "datePublic": "2016-11-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-30T16:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tracker.debian.org/news/819888"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/11/28/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1"
            },
            {
              "name": "94573",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94573"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1"
            },
            {
              "name": "GLSA-201701-51",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-51"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2016-1251",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "DBD::mysql before 4.041",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "DBD::mysql before 4.041"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "use after free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tracker.debian.org/news/819888",
                  "refsource": "CONFIRM",
                  "url": "https://tracker.debian.org/news/819888"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2016/11/28/2",
                  "refsource": "CONFIRM",
                  "url": "http://www.openwall.com/lists/oss-security/2016/11/28/2"
                },
                {
                  "name": "https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1",
                  "refsource": "CONFIRM",
                  "url": "https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1"
                },
                {
                  "name": "94573",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94573"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1"
                },
                {
                  "name": "GLSA-201701-51",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-51"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2016-1251",
        "datePublished": "2016-11-29T20:00:00.000Z",
        "dateReserved": "2015-12-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1246 (GCVE-0-2016-1246)

    Vulnerability from cvelistv5 – Published: 2016-10-05 16:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-10-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.670Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2"
              },
              {
                "name": "93337",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93337"
              },
              {
                "name": "DSA-3684",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3684"
              },
              {
                "name": "GLSA-201701-51",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-51"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-30T16:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2"
            },
            {
              "name": "93337",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93337"
            },
            {
              "name": "DSA-3684",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3684"
            },
            {
              "name": "GLSA-201701-51",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-51"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2016-1246",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2"
                },
                {
                  "name": "93337",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93337"
                },
                {
                  "name": "DSA-3684",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3684"
                },
                {
                  "name": "GLSA-201701-51",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-51"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2016-1246",
        "datePublished": "2016-10-05T16:00:00.000Z",
        "dateReserved": "2015-12-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-8949 (GCVE-0-2015-8949)

    Vulnerability from cvelistv5 – Published: 2016-08-19 21:00 – Updated: 2024-08-06 08:36
    VLAI
    Summary
    Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-12-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:36:30.797Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/pull/45"
              },
              {
                "name": "DSA-3635",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3635"
              },
              {
                "name": "[oss-security] 20160726 Re: Use after free in my_login() function of DBD::mysql (Perl module)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/07/27/1"
              },
              {
                "name": "[oss-security] 20160725 Use after free in my_login() function of DBD::mysql (Perl module)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/07/25/13"
              },
              {
                "name": "92118",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/92118"
              },
              {
                "name": "GLSA-201701-51",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-51"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-30T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/pull/45"
            },
            {
              "name": "DSA-3635",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3635"
            },
            {
              "name": "[oss-security] 20160726 Re: Use after free in my_login() function of DBD::mysql (Perl module)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/27/1"
            },
            {
              "name": "[oss-security] 20160725 Use after free in my_login() function of DBD::mysql (Perl module)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/25/13"
            },
            {
              "name": "92118",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/92118"
            },
            {
              "name": "GLSA-201701-51",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-51"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-8949",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156"
                },
                {
                  "name": "https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html",
                  "refsource": "MISC",
                  "url": "https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/pull/45",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/pull/45"
                },
                {
                  "name": "DSA-3635",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3635"
                },
                {
                  "name": "[oss-security] 20160726 Re: Use after free in my_login() function of DBD::mysql (Perl module)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/07/27/1"
                },
                {
                  "name": "[oss-security] 20160725 Use after free in my_login() function of DBD::mysql (Perl module)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/07/25/13"
                },
                {
                  "name": "92118",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/92118"
                },
                {
                  "name": "GLSA-201701-51",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-51"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-8949",
        "datePublished": "2016-08-19T21:00:00.000Z",
        "dateReserved": "2016-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:36:30.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9906 (GCVE-0-2014-9906)

    Vulnerability from cvelistv5 – Published: 2016-08-19 21:00 – Updated: 2024-08-06 14:02
    VLAI
    Summary
    Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:02:36.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://rt.cpan.org/Public/Bug/Display.html?id=97625"
              },
              {
                "name": "[oss-security] 20160727 CVE Request: DBD-mysql: use-after-free in mysql_dr_error",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/07/27/5"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc"
              },
              {
                "name": "[oss-security] 20160727 Re: CVE Request: DBD-mysql: use-after-free in mysql_dr_error",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/07/27/6"
              },
              {
                "name": "DSA-3635",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3635"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog"
              },
              {
                "name": "92149",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/92149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T19:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://rt.cpan.org/Public/Bug/Display.html?id=97625"
            },
            {
              "name": "[oss-security] 20160727 CVE Request: DBD-mysql: use-after-free in mysql_dr_error",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/27/5"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc"
            },
            {
              "name": "[oss-security] 20160727 Re: CVE Request: DBD-mysql: use-after-free in mysql_dr_error",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/27/6"
            },
            {
              "name": "DSA-3635",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3635"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog"
            },
            {
              "name": "92149",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/92149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2014-9906",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://rt.cpan.org/Public/Bug/Display.html?id=97625",
                  "refsource": "CONFIRM",
                  "url": "https://rt.cpan.org/Public/Bug/Display.html?id=97625"
                },
                {
                  "name": "[oss-security] 20160727 CVE Request: DBD-mysql: use-after-free in mysql_dr_error",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/07/27/5"
                },
                {
                  "name": "https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc"
                },
                {
                  "name": "[oss-security] 20160727 Re: CVE Request: DBD-mysql: use-after-free in mysql_dr_error",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/07/27/6"
                },
                {
                  "name": "DSA-3635",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3635"
                },
                {
                  "name": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog",
                  "refsource": "CONFIRM",
                  "url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog"
                },
                {
                  "name": "92149",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/92149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2014-9906",
        "datePublished": "2016-08-19T21:00:00.000Z",
        "dateReserved": "2016-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-06T14:02:36.579Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }