https://bugzilla.redhat.com/show_bug.cgi?id=1399580 Bug ID: 1399580 Summary: CVE-2016-1251 perl-DBD-MySQL: Use after free when using prepared statements Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@xxxxxxxxxx Reporter: amaris@xxxxxxxxxx CC: hhorak@xxxxxxxxxx, jorton@xxxxxxxxxx, jplesnik@xxxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx, perl-maint-list@xxxxxxxxxx, ppisar@xxxxxxxxxx, psabata@xxxxxxxxxx A use after free vulnerability when using prepared statements was found in DBD::mysql. Function dbd_st_fetch() via Renew() can reallocate output buffer for mysql_stmt_fetch() call, but it does not update pointer to that buffer in imp_sth->stmt structure initialized by mysql_stmt_bind_result() function, which leads to use after free in any mysql function which access imp_sth->stmt structure. This vulnerability is present in all releases at least back to versions 3.0 of the driver, which were released in 2005. Upstream patch: https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1 References: http://seclists.org/oss-sec/2016/q4/536 -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ perl-devel mailing list -- perl-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to perl-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
