CVE-2016-1251

HIGH

DBD::mysql 3.x-4.x - Use-After-Free with mysql_server_prepare=1

Title source: llm
STIX 2.1

Description

There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.

References (6)

Core 6
Core References
Third Party Advisory x_refsource_confirm
https://tracker.debian.org/news/819888
Mailing List, Third Party Advisory x_refsource_confirm
http://www.openwall.com/lists/oss-security/2016/11/28/2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94573
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-51

Scores

CVSS v3 8.1
EPSS 0.0312
EPSS Percentile 86.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (50)
dbd-mysql_project/dbd-mysql 3.0000_0
dbd-mysql_project/dbd-mysql 3.0001_1
dbd-mysql_project/dbd-mysql 3.0001_2
dbd-mysql_project/dbd-mysql 3.0001_3
dbd-mysql_project/dbd-mysql 3.0002_1
dbd-mysql_project/dbd-mysql 3.0002_2
dbd-mysql_project/dbd-mysql 3.0002_3
dbd-mysql_project/dbd-mysql 3.0002_4
dbd-mysql_project/dbd-mysql 3.0002_5
dbd-mysql_project/dbd-mysql 3.0003_1
... and 40 more
Published Nov 29, 2016
Tracked Since Feb 18, 2026