Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 03 Oct 2016 19:19:11 +0200
From: Florian Weimer <>
Subject: CVE-2016-1246: Buffer overflow in DBD-mysql error reporting (Perl DBI module)

When a reporting a variable bind error, DBD-mysql would try to
construct the error message in a fixed-size buffer on the stack,
possibly leading to arbitrary code execution.

It depends on the application whether untrusted data is included in
the error message.  -D_FORTIFY_SOURCE=2 would catch this and turn the
issue into a mere crash.

Upstream commit:


Upstream credits Pali Rohár with reporting and fixing this issue.

Here is what I used to validate the patch:

use strict;
use warnings;

use DBI;

my $dbh = DBI->connect("DBI:mysql:mysql:",
                       "root", "",
                       { PrintError => 0, RaiseError => 1});

my $st = $dbh->prepare('INSERT INTO t VALUES (?)');
$st->bind_param(1, 'X' x 64, DBI::SQL_INTEGER);

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ