PT-2017-2461 · Oracle+3 · Dbd::Mysql+3

Glasswalk3R

Publicado

2017-07-01

Atualizado

2025-04-07

CVE-2017-10788

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DBD::mysql module versions through 4.043

Description The issue allows remote attackers to cause a denial of service, potentially leading to an application crash, by triggering certain error responses from a MySQL server or a loss of network connection to the server. This is due to a use-after-free defect, which was introduced by incorrect documentation and code examples from Oracle mysql stmt close.

Recommendations For DBD::mysql module versions through 4.043, consider updating to a version that addresses the use-after-free defect to prevent potential denial of service attacks. As a temporary workaround, consider implementing error handling mechanisms to mitigate the impact of error responses from the MySQL server or network connection losses.

Correção

DoS

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2018-1256

BDU:2017-01671

CVE-2017-10788

DLA-1079-1

MGASA-2018-0031

MGASA-2018-0283

OPENSUSE-SU-2018_1463-1

OPENSUSE-SU-2024:11160-1

SUSE-SU-2018:1449-1

SUSE-SU-2018:1450-1

SUSE-SU-2018_1449-1

SUSE-SU-2018_1450-1

USN-5344-1

USN-7417-1

Produtos afetados

Alt Linux

Dbd::Mysql

Suse

Ubuntu

PT-2017-2461 · Oracle+3 · Dbd::Mysql+3

CVE-2017-10788

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 39