CVE-2016-1249
Summary
| CVE | CVE-2016-1249 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2017-02-17 02:59:00 UTC |
|---|
| Updated | 2021-08-09 13:52:00 UTC |
|---|
| Description | The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| DBD::mysql: Multiple vulnerabilities (GLSA 201701-51) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| Added Pali's fix for CVE-2016-1249 · perl5-dbi/DBD-mysql@793b72b · GitHub |
CONFIRM |
github.com |
Patch, Third Party Advisory |
| oss-security - CVE-2016-1249: Out-of-bounds read by DBD::mysql >= version 2.9003 |
MLIST |
www.openwall.com |
Mailing List, Mitigation, Patch, Third Party Advisory |
| DBD::mysql CVE-2016-1249 Out-Of-Bounds Read Information Disclosure Vulnerability |
BID |
www.securityfocus.com |
Third Party Advisory, VDB Entry |
| cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes |
CONFIRM |
cpansearch.perl.org |
Release Notes, Vendor Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 670248 EulerOS Security Update for perl-DBD-MySQL (EulerOS-SA-2021-1828)
- 710496 Gentoo Linux DBD Vulnerability (GLSA 201701-51)
