CVE-2017-10788

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DBD::mysql module versions through 4.043

Description The issue allows remote attackers to cause a denial of service, potentially leading to an application crash, by triggering certain error responses from a MySQL server or a loss of network connection to the server. This is due to a use-after-free defect, which was introduced by incorrect documentation and code examples from Oracle mysql stmt close.

Recommendations For DBD::mysql module versions through 4.043, consider updating to a version that addresses the use-after-free defect to prevent potential denial of service attacks. As a temporary workaround, consider implementing error handling mechanisms to mitigate the impact of error responses from the MySQL server or network connection losses.

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2018-1256

BDU:2017-01671

CVE-2017-10788

DLA-1079-1

MGASA-2018-0031

MGASA-2018-0283

OPENSUSE-SU-2018_1463-1

OPENSUSE-SU-2024:11160-1

SUSE-SU-2018:1449-1

SUSE-SU-2018:1450-1

SUSE-SU-2018_1449-1

SUSE-SU-2018_1450-1

USN-5344-1

USN-7417-1

Affected Products

Alt Linux

Dbd::Mysql

Suse

Ubuntu

CVE-2017-10788

Weakness Enumeration

Related Identifiers

Affected Products

References · 39