Use-After-Free Vulnerability in MySQL Driver for Perl by DBD::mysql
CVE-2016-1251

8.1HIGH

Key Information:

Vendor: Dbd-mysql Project
Status: DBD::mysql before 4.041
Vendor: CVE Published:; 29 November 2016

What is CVE-2016-1251?

A vulnerability exists in the DBD::mysql Perl module affecting versions 3.x and 4.x prior to 4.041 when operating with the mysql_server_prepare option set to 1. This use-after-free flaw could allow an attacker to exploit uninitialized memory, potentially leading to application crashes or execution of arbitrary code. Users of DBD::mysql are advised to update to the latest version to mitigate the risk associated with this issue.

Affected Version(s)

DBD::mysql before 4.041 DBD::mysql before 4.041

References

https://tracker.debian.org/news/819888

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2016/11/28/2

x_refsource_CONFIRM

https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 29, 2016
Vulnerability Reserved
Dec 27, 2015

Dbd-mysql Project

What is CVE-2016-1251?

Affected Version(s)

References

CVSS V3.1

Timeline