CVE-2016-1251
HIGHDBD::mysql 3.x-4.x - Use-After-Free with mysql_server_prepare=1
Title source: llmDescription
There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.
References (6)
Core 6
Core References
Third Party Advisory x_refsource_confirm
https://tracker.debian.org/news/819888
Mailing List, Third Party Advisory x_refsource_confirm
http://www.openwall.com/lists/oss-security/2016/11/28/2
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94573
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201701-51
Scores
CVSS v3
8.1
EPSS
0.0312
EPSS Percentile
86.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (50)
dbd-mysql_project/dbd-mysql
3.0000_0
dbd-mysql_project/dbd-mysql
3.0001_1
dbd-mysql_project/dbd-mysql
3.0001_2
dbd-mysql_project/dbd-mysql
3.0001_3
dbd-mysql_project/dbd-mysql
3.0002_1
dbd-mysql_project/dbd-mysql
3.0002_2
dbd-mysql_project/dbd-mysql
3.0002_3
dbd-mysql_project/dbd-mysql
3.0002_4
dbd-mysql_project/dbd-mysql
3.0002_5
dbd-mysql_project/dbd-mysql
3.0003_1
... and 40 more
Published
Nov 29, 2016
Tracked Since
Feb 18, 2026