https://bugzilla.redhat.com/show_bug.cgi?id=1399580
Bug ID: 1399580
Summary: CVE-2016-1251 perl-DBD-MySQL: Use after free when
using prepared statements
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: hhorak(a)redhat.com, jorton(a)redhat.com,
jplesnik(a)redhat.com,
perl-devel(a)lists.fedoraproject.org,
perl-maint-list(a)redhat.com, ppisar(a)redhat.com,
psabata(a)redhat.com
A use after free vulnerability when using prepared statements was found in
DBD::mysql. Function dbd_st_fetch() via Renew() can reallocate output buffer
for mysql_stmt_fetch() call, but it does not update pointer to that buffer in
imp_sth->stmt structure initialized by mysql_stmt_bind_result() function, which
leads to use after free in any mysql function which access imp_sth->stmt
structure.
This vulnerability is present in all releases at least back to versions 3.0 of
the driver, which were released in 2005.
Upstream patch:
https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d0...
References:
http://seclists.org/oss-sec/2016/q4/536
--
You are receiving this mail because:
You are on the CC list for the bug.