oss-sec mailing list archives
CVE-2016-1249: Out-of-bounds read by DBD::mysql >= version 2.9003
From: Patrick Galbraith <patg () patg net>
Date: Tue, 15 Nov 2016 23:11:46 -0500
======
SECURITY ADVISORY - Out-of-bounds read by DBD::mysql

A vulnerability was discovered that can lead to an out-of-bounds read when using server-side prepared statements with an unaligned number of placeholders in the WHERE condition and output fields in the SELECT expression.

Project name and URL — DBD::mysql Perl MySQL client driver, http://search.cpan.org/~capttofu/DBD-mysql/lib/DBD/mysql.pm

Versions known to be affected — 2.9004 and later (2005 and later)

Versions known to be not affected — 2.9003 and earlier (before 2005)

Version containing Fix — 4.039 and later (current)

Link to fix: https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe

Type of vulnerability and its impact — could lead to an out-of-bounds read when using server-side prepared statement support in the driver

CVE identifier — CVE-2016-1249

Planned release — availability: immediately

Mitigating factors — This problem is only exposed when the user uses server-side prepared statement support, which is NOT the default behavior and was turned off for all drivers by a MySQL AB decision back in 2006 due to issues with server-side prepared statements in the server. The driver normally emulates prepared statements.

Work-arounds — Use the default driver setting, which is emulated prepared statements

Credit — Many thanks to Pali Rohár for discovering and fixing the vulnerability.
======
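The exposure condition in the advisory (an affected driver version together with server-side prepared statements switched on) can be checked per connection. The script below is an added example, not part of the advisory or of DBD::mysql. It assumes server-side prepare is requested through the driver's mysql_server_prepare option, which the advisory does not name, and the function names and sample DSNs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Version bounds as given in the advisory's "affected" and "fix" lines.
my $FIRST_AFFECTED = '2.9004';
my $FIRST_FIXED    = '4.039';

# True when a DBD::mysql version string lies in the affected range.
sub version_affected {
    my ($version) = @_;
    (my $n = $version) =~ tr/_//d;    # developer releases, e.g. "4.037_01"
    return ($n >= $FIRST_AFFECTED && $n < $FIRST_FIXED) ? 1 : 0;
}

# True when server-side prepared statements are requested, either in the
# DSN or in the connect() attribute hash (assumed option name:
# mysql_server_prepare; the driver emulates prepares unless it is set).
sub server_prepare_enabled {
    my ($dsn, $attr) = @_;
    return 1 if $attr && $attr->{mysql_server_prepare};
    my (undef, undef, $opts) = split /:/, $dsn, 3;
    for my $pair (split /;/, $opts // '') {
        my ($k, $v) = split /=/, $pair, 2;
        return 1 if defined $v && $k eq 'mysql_server_prepare' && $v;
    }
    return 0;
}

# A connection is exposed only when both conditions hold.
sub exposed {
    my ($version, $dsn, $attr) = @_;
    return version_affected($version) && server_prepare_enabled($dsn, $attr) ? 1 : 0;
}

# Constructed samples: [ driver version, DSN, connect() attributes ].
my @samples = (
    [ '4.037', 'DBI:mysql:database=app;host=db1;mysql_server_prepare=1', {} ],
    [ '4.037', 'DBI:mysql:database=app;host=db1', {} ],
    [ '4.037', 'DBI:mysql:database=app', { mysql_server_prepare => 1 } ],
    [ '4.039', 'DBI:mysql:database=app;mysql_server_prepare=1', {} ],
);
for my $s (@samples) {
    my ($version, $dsn, $attr) = @$s;
    printf "%-6s %-8s %s\n", $version,
        exposed($version, $dsn, $attr) ? 'EXPOSED' : 'ok', $dsn;
}

# Report the locally installed driver, if there is one.
if (eval { require DBD::mysql; 1 }) {
    printf "installed DBD::mysql %s: %s\n", $DBD::mysql::VERSION,
        version_affected($DBD::mysql::VERSION) ? 'affected range' : 'not in affected range';
}
```

Only the first and third samples are reported as EXPOSED: the second leaves the driver on emulated prepares, and the fourth runs the fixed version.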