CVE-2016-1251 - Use After Free

Severity

68%

Complexity

86%

Confidentiality

106%

There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.

There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.

CVSS 3.0 Base Score 8.1. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Demo Examples

Use After Free

CWE-416

The following example demonstrates the weakness.


               
}
free(buf3R2);

Use After Free

CWE-416

The following code illustrates a use after free error:


               
}
free(ptr);
logError("operation aborted before commit", ptr);

When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function.

Overview

Type

DBD-mysql Project DBD-mysql

First reported 8 years ago

2016-11-29 20:59:00

Last updated 7 years ago

2017-07-01 01:29:00

Affected Software

DBD-mysql Project DBD-mysql 3.0000 0

3.0000_0

DBD-mysql Project DBD-mysql 3.0001 1

3.0001_1

DBD-mysql Project DBD-mysql 3.0001 2

3.0001_2

DBD-mysql Project DBD-mysql 3.0001 3

3.0001_3

DBD-mysql Project DBD-mysql 3.0002 1

3.0002_1

DBD-mysql Project DBD-mysql 3.0002 2

3.0002_2

DBD-mysql Project DBD-mysql 3.0002 3

3.0002_3

DBD-mysql Project DBD-mysql 3.0002 4

3.0002_4

DBD-mysql Project DBD-mysql 3.0002 5

3.0002_5

DBD-mysql Project DBD-mysql 3.0003 1

3.0003_1

DBD-mysql Project DBD-mysql 3.0004 1

3.0004_1

DBD-mysql Project DBD-mysql 3.0005

3.0005

DBD-mysql Project DBD-mysql 3.0005 1

3.0005_1

DBD-mysql Project DBD-mysql 3.0007 2

3.0007_2

DBD-mysql Project DBD-mysql 3.0008 1

3.0008_1

DBD-mysql Project DBD-mysql 3.0009 1

3.0009_1

DBD-mysql Project DBD-mysql 4.00

4.00

DBD-mysql Project DBD-mysql 4.001

4.001

DBD-mysql Project DBD-mysql 4.002

4.002

DBD-mysql Project DBD-mysql 4.003

4.003

DBD-mysql Project DBD-mysql 4.004

4.004

DBD-mysql Project DBD-mysql 4.005

4.005

DBD-mysql Project DBD-mysql 4.006

4.006

DBD-mysql Project DBD-mysql 4.007

4.007

DBD-mysql Project DBD-mysql 4.008

4.008

DBD-mysql Project DBD-mysql 4.009

4.009

DBD-mysql Project DBD-mysql 4.010

4.010

DBD-mysql Project DBD-mysql 4.011

4.011

DBD-mysql Project DBD-mysql 4.012

4.012

DBD-mysql Project DBD-mysql 4.013

4.013

DBD-mysql Project DBD-mysql 4.014

4.014

DBD-mysql Project DBD-mysql 4.015

4.015

DBD-mysql Project DBD-mysql 4.016

4.016

DBD-mysql Project DBD-mysql 4.017

4.017

DBD-mysql Project DBD-mysql 4.018

4.018

DBD-mysql Project DBD-mysql 4.019

4.019

DBD-mysql Project DBD-mysql 4.020

4.020

DBD-mysql Project DBD-mysql 4.021

4.021

DBD-mysql Project DBD-mysql 4.022

4.022

DBD-mysql Project DBD-mysql 4.023

4.023

DBD-mysql Project DBD-mysql 4.024

4.024

DBD-mysql Project DBD-mysql 4.025

4.025

DBD-mysql Project DBD-mysql 4.026

4.026

DBD-mysql Project DBD-mysql 4.027

4.027

DBD-mysql Project DBD-mysql 4.028

4.028

DBD-mysql Project DBD-mysql 4.029

4.029

DBD-mysql Project DBD-mysql 4.030 01

4.030_01

DBD-mysql Project DBD-mysql 4.030 02

4.030_02

DBD-mysql Project DBD-mysql 4.031

4.031

DBD-mysql Project DBD-mysql 4.032

4.032

DBD-mysql Project DBD-mysql 4.032 01

4.032_01

DBD-mysql Project DBD-mysql 4.032 02

4.032_02

DBD-mysql Project DBD-mysql 4.032 03

4.032_03

DBD-mysql Project DBD-mysql 4.033

4.033

DBD-mysql Project DBD-mysql 4.033 01

4.033_01

DBD-mysql Project DBD-mysql 4.033 02

4.033_02

DBD-mysql Project DBD-mysql 4.033 03

4.033_03

DBD-mysql Project DBD-mysql 4.034

4.034

DBD-mysql Project DBD-mysql 4.035

4.035

DBD-mysql Project DBD-mysql 4.035 01

4.035_01

DBD-mysql Project DBD-mysql 4.035 02

4.035_02

DBD-mysql Project DBD-mysql 4.035 03

4.035_03

DBD-mysql Project DBD-mysql 4.036

4.036

DBD-mysql Project DBD-mysql 4.037

4.037

DBD-mysql Project DBD-mysql 4.037 01

4.037_01

DBD-mysql Project DBD-mysql 4.038

4.038

DBD-mysql Project DBD-mysql 4.038 01

4.038_01

DBD-mysql Project DBD-mysql 4.039

4.039

DBD-mysql Project DBD-mysql 4.040

4.040

References

http://www.openwall.com/lists/oss-security/2016/11/28/2

Mailing List, Third Party Advisory

94573

Third Party Advisory, VDB Entry

https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1

Issue Tracking, Patch, Third Party Advisory

https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1

Issue Tracking, Patch, Third Party Advisory

GLSA-201701-51

https://tracker.debian.org/news/819888

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.