CVE-2016-1249

MEDIUM

Description

The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression.

References

http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes

http://www.openwall.com/lists/oss-security/2016/11/16/1

http://www.securityfocus.com/bid/94350

https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe

https://security.gentoo.org/glsa/201701-51

Details

Source: MITRE

Published: 2017-02-17

Updated: 2017-07-01

Type: CWE-125

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:perl5-dbi:dbd-mysql:*:*:*:*:*:*:*:* versions up to 4.038_01 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 147446 | EulerOS Virtualization 3.0.2.6 : perl-DBD-MySQL (EulerOS-SA-2021-1447) | Nessus | Huawei Local Security Checks | high |
| 147064 | EulerOS Virtualization 3.0.6.6 : perl-DBD-MySQL (EulerOS-SA-2021-1509) | Nessus | Huawei Local Security Checks | high |
| 146760 | EulerOS 2.0 SP2 : perl-DBD-MySQL (EulerOS-SA-2021-1343) | Nessus | Huawei Local Security Checks | high |
| 146116 | EulerOS 2.0 SP5 : perl-DBD-MySQL (EulerOS-SA-2021-1223) | Nessus | Huawei Local Security Checks | high |
| 96711 | openSUSE Security Update : perl-DBD-mysql (openSUSE-2017-130) | Nessus | SuSE Local Security Checks | medium |
| 96686 | GLSA-201701-51 : DBD::mysql: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 96528 | SUSE SLES12 Security Update : perl-DBD-mysql (SUSE-SU-2017:0123-1) | Nessus | SuSE Local Security Checks | medium |
| 96527 | SUSE SLES11 Security Update : perl-DBD-mysql (SUSE-SU-2017:0122-1) | Nessus | SuSE Local Security Checks | medium |
| 96024 | Fedora 23 : perl-DBD-MySQL (2016-bf6c3ea62c) | Nessus | Fedora Local Security Checks | medium |
| 95728 | Fedora 25 : perl-DBD-MySQL (2016-673cbb6bb4) | Nessus | Fedora Local Security Checks | medium |
| 95304 | Fedora 24 : perl-DBD-MySQL (2016-54fd3bf412) | Nessus | Fedora Local Security Checks | medium |