Published: 29/11/2016 Updated: 01/07/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x prior to 4.041 when used with mysql_server_prepare=1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dbd-mysql project dbd-mysql 4.039
dbd-mysql project dbd-mysql 4.038_01
dbd-mysql project dbd-mysql 4.035_01
dbd-mysql project dbd-mysql 4.035
dbd-mysql project dbd-mysql 4.032
dbd-mysql project dbd-mysql 4.032_02
dbd-mysql project dbd-mysql 4.026
dbd-mysql project dbd-mysql 4.025
dbd-mysql project dbd-mysql 4.018
dbd-mysql project dbd-mysql 4.017
dbd-mysql project dbd-mysql 4.010
dbd-mysql project dbd-mysql 4.009
dbd-mysql project dbd-mysql 4.001
dbd-mysql project dbd-mysql 4.00
dbd-mysql project dbd-mysql 3.0003_1
dbd-mysql project dbd-mysql 3.0002_5
dbd-mysql project dbd-mysql 3.0001_1
dbd-mysql project dbd-mysql 3.0000_0
dbd-mysql project dbd-mysql 4.037
dbd-mysql project dbd-mysql 4.036
dbd-mysql project dbd-mysql 4.033_02
dbd-mysql project dbd-mysql 4.033_01
dbd-mysql project dbd-mysql 4.030_02
dbd-mysql project dbd-mysql 4.030_01
dbd-mysql project dbd-mysql 4.022
dbd-mysql project dbd-mysql 4.021
dbd-mysql project dbd-mysql 4.014
dbd-mysql project dbd-mysql 4.013
dbd-mysql project dbd-mysql 4.006
dbd-mysql project dbd-mysql 4.005
dbd-mysql project dbd-mysql 4.004
dbd-mysql project dbd-mysql 3.0007_2
dbd-mysql project dbd-mysql 3.0005_1
dbd-mysql project dbd-mysql 3.0002_2
dbd-mysql project dbd-mysql 3.0002_1
dbd-mysql project dbd-mysql 4.035_03
dbd-mysql project dbd-mysql 4.035_02
dbd-mysql project dbd-mysql 4.033
dbd-mysql project dbd-mysql 4.032_03
dbd-mysql project dbd-mysql 4.029
dbd-mysql project dbd-mysql 4.028
dbd-mysql project dbd-mysql 4.027
dbd-mysql project dbd-mysql 4.020
dbd-mysql project dbd-mysql 4.019
dbd-mysql project dbd-mysql 4.012
dbd-mysql project dbd-mysql 4.011
dbd-mysql project dbd-mysql 4.003
dbd-mysql project dbd-mysql 4.002
dbd-mysql project dbd-mysql 3.0005
dbd-mysql project dbd-mysql 3.0004_1
dbd-mysql project dbd-mysql 3.0001_3
dbd-mysql project dbd-mysql 3.0001_2
dbd-mysql project dbd-mysql 4.038
dbd-mysql project dbd-mysql 4.037_01
dbd-mysql project dbd-mysql 4.034
dbd-mysql project dbd-mysql 4.033_03
dbd-mysql project dbd-mysql 4.032_01
dbd-mysql project dbd-mysql 4.031
dbd-mysql project dbd-mysql 4.024
dbd-mysql project dbd-mysql 4.023
dbd-mysql project dbd-mysql 4.016
dbd-mysql project dbd-mysql 4.015
dbd-mysql project dbd-mysql 4.008
dbd-mysql project dbd-mysql 4.007
dbd-mysql project dbd-mysql 3.0009_1
dbd-mysql project dbd-mysql 3.0008_1
dbd-mysql project dbd-mysql 3.0002_4
dbd-mysql project dbd-mysql 3.0002_3
dbd-mysql project dbd-mysql 4.040

There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3x and 4x before 4041 when used with mysql_server_prepare=1 ...

CWE-416 https://tracker.debian.org/news/819888 http://www.openwall.com/lists/oss-security/2016/11/28/2 https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1 https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1 http://www.securityfocus.com/bid/94573 https://security.gentoo.org/glsa/201701-51 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2016-1251

CVE-2016-1251

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect