Date: Tue, 15 Nov 2016 23:11:46 -0500
From: Patrick Galbraith <patg@...g.net>
To: oss-security@...ts.openwall.com
Subject: CVE-2016-1249: Out-of-bounds read by DBD::mysql >= version 2.9003

======
SECURITY ADVISORY - Out-of-bounds read by DBD::mysql

A vulnerability was discovered that can lead to an out-of-bounds read when using server-side prepared statements with an unaligned number of placeholders in the WHERE condition and output fields in the SELECT expression.

Project name and URL — DBD::mysql Perl MySQL client driver, http://search.cpan.org/~capttofu/DBD-mysql/lib/DBD/mysql.pm

Versions known to be affected — 2.9004 and later (2005 and later)
Versions known to be not affected — 2.9003 and earlier (before 2005)
Version containing fix — 4.039 and later (current)
Link to fix: https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe

Type of vulnerability and its impact — could lead to an out-of-bounds read when using server-side prepared statement support in the driver
CVE identifier — CVE-2016-1249
Planned release — availability: immediately

Mitigating factors — This problem is only exposed when the user uses server-side prepared statement support, which is NOT default behavior and was turned off for all drivers per MySQL AB decision in 2006 due to issues with server-side prepared statements in the server. The driver normally emulates prepared statements.

Work-arounds — Use the default driver setting, which is emulated prepared statements.

Credit — Many thanks to Pali Rohár for discovering and fixing the vulnerability.
======
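As an added example, not part of the advisory or the DBD::mysql project: a Perl check that flags the exposed combination the advisory describes (DBD::mysql from 2.9004 up to but not including 4.039, with mysql_server_prepare enabled in the DSN). The function names and the sample DSNs are this example's own; the version boundaries come from the advisory.

```perl
#!/usr/bin/perl
# Added example: audit a DBI DSN plus the installed DBD::mysql version
# against CVE-2016-1249. Helper names here are this example's own.
use strict;
use warnings;
use version 0.77;

# Boundaries taken from the advisory: first affected and first fixed release.
my $FIRST_AFFECTED = version->parse('2.9004');
my $FIXED          = version->parse('4.039');

# Parse "DBI:mysql:key=value;key=value" into a hash of driver attributes.
sub dsn_attrs {
    my ($dsn) = @_;
    my (undef, undef, $attrs) = split /:/, $dsn, 3;
    my %h;
    for my $pair (split /;/, $attrs // '') {
        my ($k, $v) = split /=/, $pair, 2;
        $h{$k} = $v // 1 if defined $k && length $k;
    }
    return \%h;
}

# Return a list of findings; an empty list means the setup is not exposed.
sub audit_dsn {
    my ($dsn, $dbd_version) = @_;
    my $v    = version->parse($dbd_version);
    my $attr = dsn_attrs($dsn);
    # Absent attribute means the default: emulated (client-side) prepares.
    my $ssp  = $attr->{mysql_server_prepare} // 0;
    my @findings;
    if ($ssp && $v >= $FIRST_AFFECTED && $v < $FIXED) {
        push @findings, "DBD::mysql $dbd_version with mysql_server_prepare=1 is "
                      . "affected by CVE-2016-1249: upgrade to $FIXED or later, "
                      . "or drop mysql_server_prepare from the DSN";
    }
    return @findings;
}

# Use the installed driver version if present; otherwise a constructed
# pre-fix version so the check still demonstrates both outcomes.
my $installed = eval { require DBD::mysql; $DBD::mysql::VERSION } // '4.038';
print "DBD::mysql version checked: $installed\n";
for my $dsn ('DBI:mysql:database=app;host=db.example.internal;mysql_server_prepare=1',
             'DBI:mysql:database=app;host=db.example.internal') {
    my @f = audit_dsn($dsn, $installed);
    print "$dsn\n  ", (@f ? join("\n  ", @f) : 'not exposed'), "\n";
}
```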