Bug ID: 1399580
Summary: CVE-2016-1251 perl-DBD-MySQL: Use after free when using prepared statements
Product: Security Response
CC: hhorak(a)redhat.com, jorton(a)redhat.com,
A use-after-free vulnerability when using prepared statements was found in
DBD::mysql. Function dbd_st_fetch() via Renew() can reallocate the output buffer
for the mysql_stmt_fetch() call, but it does not update the pointer to that buffer in
the imp_sth->stmt structure initialized by the mysql_stmt_bind_result() function, which
leads to a use after free in any mysql function that accesses imp_sth->stmt.

This vulnerability is present in all releases at least back to version 3.0 of
the driver, which was released in 2005.
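A simplified C model of the pattern described above, added here as an illustration; it is not DBD::mysql or libmysqlclient code, and every struct and function name in it is hypothetical. It shows a driver-side buffer being reallocated while a statement keeps its own copy of the pointer, with the stale-pointer check and the re-bind that keeps the two in sync.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified stand-ins (hypothetical names) for the driver's state. */
struct bind   { char *buffer; size_t buffer_length; }; /* one result binding */
struct stmt   { struct bind bind; };   /* statement-side copy made at bind time */
struct column { char *data; size_t len; };  /* driver-side output buffer */

/* Models binding: the statement stores its own copy of the pointer. */
static void bind_result(struct stmt *s, const struct column *c) {
    s->bind.buffer = c->data;
    s->bind.buffer_length = c->len;
}

/* Grow the driver's buffer. Returns 1 if the statement is left holding the
 * old (about to be freed) address, 0 if it was re-pointed, -1 on OOM.
 * rebind=0 models the reported defect, rebind=1 the corrected handling. */
static int grow_column(struct stmt *s, struct column *c, size_t need, int rebind) {
    char *old = c->data;
    char *fresh = malloc(need);
    if (!fresh) return -1;
    memcpy(fresh, old, c->len < need ? c->len : need);
    c->data = fresh;
    c->len = need;
    if (rebind) bind_result(s, c);        /* keep the statement's pointer in sync */
    int stale = (s->bind.buffer == old);  /* compared while old is still valid */
    free(old);
    return stale;
}

/* Models a fetch writing a value through the statement's bound pointer. */
static int fetch_into_bind(struct stmt *s, const char *val) {
    size_t n = strlen(val) + 1;
    if (n > s->bind.buffer_length) return -1;  /* too small: caller must grow */
    memcpy(s->bind.buffer, val, n);
    return 0;
}

/* Runs one scenario; fetches only when the binding is known to be in sync. */
int scenario(int rebind, char *out, size_t outlen) {
    struct column c = { calloc(1, 4), 4 };
    struct stmt s;
    if (!c.data) return -1;
    bind_result(&s, &c);
    int stale = grow_column(&s, &c, 16, rebind);
    if (stale == 0 && fetch_into_bind(&s, "hello row") == 0)
        snprintf(out, outlen, "%s", c.data);
    free(c.data);
    return stale;
}
```

With `rebind` set to 0 the model reports the stale binding and skips the fetch; in the defect described above, that fetch is what would touch freed memory.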