[Bug 1399580] New: CVE-2016-1251 perl-DBD-MySQL: Use after free when using prepared statements

https://bugzilla.redhat.com/show_bug.cgi?id=1399580 Bug ID: 1399580 Summary: CVE-2016-1251 perl-DBD-MySQL: Use after free when using prepared statements Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: hhorak(a)redhat.com, jorton(a)redhat.com, jplesnik(a)redhat.com, perl-devel(a)lists.fedoraproject.org, perl-maint-list(a)redhat.com, ppisar(a)redhat.com, psabata(a)redhat.com A use after free vulnerability when using prepared statements was found in DBD::mysql. Function dbd_st_fetch() via Renew() can reallocate output buffer for mysql_stmt_fetch() call, but it does not update pointer to that buffer in imp_sth->stmt structure initialized by mysql_stmt_bind_result() function, which leads to use after free in any mysql function which access imp_sth->stmt structure. This vulnerability is present in all releases at least back to versions 3.0 of the driver, which were released in 2005. Upstream patch: https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d0... References: http://seclists.org/oss-sec/2016/q4/536 -- You are receiving this mail because: You are on the CC list for the bug.