usn-5344-1
Vulnerability from osv_ubuntu
It was discovered that the DBD::mysql module, when configured with server-side prepared statement support, was susceptible to operations that would result in improper memory access. An attacker could possibly use this issue to cause DBD::mysql to crash, resulting in a denial of service. (CVE-2016-1249, CVE-2016-1251)
It was discovered that the DBD::mysql module was susceptible to an operation that would result in improper memory access, introduced through incorrect documentation and code examples. An attacker could possibly use this issue to cause DBD::mysql to crash or potentially cause other, unspecified, impact. (CVE-2017-10788)
It was discovered that the DBD::mysql module processed SSL/TLS settings in a way that did not fully correlate with the respective documentation for each setting. An attacker could possibly use this to perform a cleartext-downgrade attack. (CVE-2017-10789)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2016-1249",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1251",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-10788",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-10789",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libdbd-mysql-perl",
"binary_version": "4.033-1ubuntu0.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "libdbd-mysql-perl",
"purl": "pkg:deb/ubuntu/libdbd-mysql-perl@4.033-1ubuntu0.1+esm1?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.033-1ubuntu0.1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.028-2",
"4.033-1",
"4.033-1build1",
"4.033-1build2",
"4.033-1ubuntu0.1"
]
}
],
"aliases": [],
"details": "It was discovered that the DBD::mysql module, when configured with server-side\nprepared statement support, was susceptible to operations that would result in\nimproper memory access. An attacker could possibly use this issue to cause\nDBD::mysql to crash, resulting in a denial of service.\n(CVE-2016-1249, CVE-2016-1251)\n\nIt was discovered that the DBD::mysql module was susceptible to an operation\nthat would result in improper memory access, introduced through incorrect\ndocumentation and code examples. An attacker could possibly use this issue to\ncause DBD::mysql to crash or potentially cause other, unspecified, impact.\n(CVE-2017-10788)\n\nIt was discovered that the DBD::mysql module processed SSL/TLS settings in a\nway that did not fully correlate with the respective documentation for each\nsetting. An attacker could possibly use this to perform a cleartext-downgrade\nattack. (CVE-2017-10789)\n",
"id": "USN-5344-1",
"modified": "2026-06-25T10:46:05Z",
"published": "2022-04-01T20:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5344-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-1249"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-1251"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10788"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10789"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "libdbd-mysql-perl vulnerabilities",
"upstream": [
"UBUNTU-CVE-2016-1249",
"UBUNTU-CVE-2016-1251",
"UBUNTU-CVE-2017-10788",
"UBUNTU-CVE-2017-10789"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.