CVE-2015-8949

CRITICAL

DBD::mysql < 4.033_01 - Use-After-Free in my_login Function

Title source: llm
STIX 2.1

Description

Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.

References (9)

Core 9
Core References
Issue Tracking, Patch x_refsource_confirm
https://github.com/perl5-dbi/DBD-mysql/pull/45
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3635
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/07/27/1
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/07/25/13
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92118
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-51

Scores

CVSS v3 9.8
EPSS 0.0449
EPSS Percentile 90.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (2)
dbd-mysql_project/dbd-mysql 4.033
debian/debian_linux 8.0
Published Aug 19, 2016
Tracked Since Feb 18, 2026