Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-1251

There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.

Published

2016-11-29T20:59:00.170

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-416

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dbd-mysql_project	dbd-mysql	3.0000_0	Yes
Application	dbd-mysql_project	dbd-mysql	3.0001_1	Yes
Application	dbd-mysql_project	dbd-mysql	3.0001_2	Yes
Application	dbd-mysql_project	dbd-mysql	3.0001_3	Yes
Application	dbd-mysql_project	dbd-mysql	3.0002_1	Yes
Application	dbd-mysql_project	dbd-mysql	3.0002_2	Yes
Application	dbd-mysql_project	dbd-mysql	3.0002_3	Yes
Application	dbd-mysql_project	dbd-mysql	3.0002_4	Yes
Application	dbd-mysql_project	dbd-mysql	3.0002_5	Yes
Application	dbd-mysql_project	dbd-mysql	3.0003_1	Yes
Application	dbd-mysql_project	dbd-mysql	3.0004_1	Yes
Application	dbd-mysql_project	dbd-mysql	3.0005	Yes
Application	dbd-mysql_project	dbd-mysql	3.0005_1	Yes
Application	dbd-mysql_project	dbd-mysql	3.0007_2	Yes
Application	dbd-mysql_project	dbd-mysql	3.0008_1	Yes
Application	dbd-mysql_project	dbd-mysql	3.0009_1	Yes
Application	dbd-mysql_project	dbd-mysql	4.00	Yes
Application	dbd-mysql_project	dbd-mysql	4.001	Yes
Application	dbd-mysql_project	dbd-mysql	4.002	Yes
Application	dbd-mysql_project	dbd-mysql	4.003	Yes
Application	dbd-mysql_project	dbd-mysql	4.004	Yes
Application	dbd-mysql_project	dbd-mysql	4.005	Yes
Application	dbd-mysql_project	dbd-mysql	4.006	Yes
Application	dbd-mysql_project	dbd-mysql	4.007	Yes
Application	dbd-mysql_project	dbd-mysql	4.008	Yes
Application	dbd-mysql_project	dbd-mysql	4.009	Yes
Application	dbd-mysql_project	dbd-mysql	4.010	Yes
Application	dbd-mysql_project	dbd-mysql	4.011	Yes
Application	dbd-mysql_project	dbd-mysql	4.012	Yes
Application	dbd-mysql_project	dbd-mysql	4.013	Yes
Application	dbd-mysql_project	dbd-mysql	4.014	Yes
Application	dbd-mysql_project	dbd-mysql	4.015	Yes
Application	dbd-mysql_project	dbd-mysql	4.016	Yes
Application	dbd-mysql_project	dbd-mysql	4.017	Yes
Application	dbd-mysql_project	dbd-mysql	4.018	Yes
Application	dbd-mysql_project	dbd-mysql	4.019	Yes
Application	dbd-mysql_project	dbd-mysql	4.020	Yes
Application	dbd-mysql_project	dbd-mysql	4.021	Yes
Application	dbd-mysql_project	dbd-mysql	4.022	Yes
Application	dbd-mysql_project	dbd-mysql	4.023	Yes
Application	dbd-mysql_project	dbd-mysql	4.024	Yes
Application	dbd-mysql_project	dbd-mysql	4.025	Yes
Application	dbd-mysql_project	dbd-mysql	4.026	Yes
Application	dbd-mysql_project	dbd-mysql	4.027	Yes
Application	dbd-mysql_project	dbd-mysql	4.028	Yes
Application	dbd-mysql_project	dbd-mysql	4.029	Yes
Application	dbd-mysql_project	dbd-mysql	4.030_01	Yes
Application	dbd-mysql_project	dbd-mysql	4.030_02	Yes
Application	dbd-mysql_project	dbd-mysql	4.031	Yes
Application	dbd-mysql_project	dbd-mysql	4.032	Yes
Application	dbd-mysql_project	dbd-mysql	4.032_01	Yes
Application	dbd-mysql_project	dbd-mysql	4.032_02	Yes
Application	dbd-mysql_project	dbd-mysql	4.032_03	Yes
Application	dbd-mysql_project	dbd-mysql	4.033	Yes
Application	dbd-mysql_project	dbd-mysql	4.033_01	Yes
Application	dbd-mysql_project	dbd-mysql	4.033_02	Yes
Application	dbd-mysql_project	dbd-mysql	4.033_03	Yes
Application	dbd-mysql_project	dbd-mysql	4.034	Yes
Application	dbd-mysql_project	dbd-mysql	4.035	Yes
Application	dbd-mysql_project	dbd-mysql	4.035_01	Yes
Application	dbd-mysql_project	dbd-mysql	4.035_02	Yes
Application	dbd-mysql_project	dbd-mysql	4.035_03	Yes
Application	dbd-mysql_project	dbd-mysql	4.036	Yes
Application	dbd-mysql_project	dbd-mysql	4.037	Yes
Application	dbd-mysql_project	dbd-mysql	4.037_01	Yes
Application	dbd-mysql_project	dbd-mysql	4.038	Yes
Application	dbd-mysql_project	dbd-mysql	4.038_01	Yes
Application	dbd-mysql_project	dbd-mysql	4.039	Yes
Application	dbd-mysql_project	dbd-mysql	4.040	Yes

References

http://www.openwall.com/lists/oss-security/2016/11/28/2 Mailing List, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/94573 Third Party Advisory, VDB Entry ([email protected])
https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/201701-51 ([email protected])
https://tracker.debian.org/news/819888 Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2016/11/28/2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/94573 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-mysql-perl.git/commit/?id=a8b97e4713391b1f8beffbfddac483c276feaff1 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201701-51 (af854a3a-2127-422b-91ae-364da2661108)
https://tracker.debian.org/news/819888 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)