PT-2017-7947 · Mysql Server+3 · Dbd::Mysql+3
Pali
·
Publicado
2016-11-17
·
Atualizado
2025-04-07
·
CVE-2016-1249
CVSS v3.1
5.9
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
DBD::mysql versions prior to 4.039
Description
The issue allows attackers to cause a denial of service, specifically an out-of-bounds read, when using server-side prepared statement support. This can be achieved through vectors involving an unaligned number of placeholders in the WHERE condition and output fields in the SELECT expression.
Recommendations
For versions prior to 4.039, update to version 4.039 or later to resolve the issue. As a temporary workaround, consider avoiding the use of server-side prepared statement support until a patch is applied. Restrict the use of unaligned placeholders in WHERE conditions and output fields in SELECT expressions to minimize the risk of exploitation.
Correção
DoS
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Dbd::Mysql
Suse
Ubuntu