CVE-2016-1251

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2016-1251
StatePUBLISHED
Assignerdebian
Source PriorityCVE Program / NVD first with legacy fallback
Published2016-11-29 20:59:00 UTC
Updated2026-05-06 22:30:45 UTC
DescriptionThere is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.

Risk And Classification

Primary CVSS: v3.0 8.1 HIGH from [email protected]

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.005080000 probability, percentile 0.664180000 (date 2026-05-10)

Problem Types: CWE-416 | use after free

VersionSourceTypeScoreSeverityVector
3.0[email protected]Primary8.1HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2.0[email protected]Primary6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3.0 Breakdown

Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 Breakdown

Access Vector
Network
Access Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Dbd-mysql Project Dbd-mysql 3.0000_0 All All All
Application Dbd-mysql Project Dbd-mysql 3.0001_1 All All All
Application Dbd-mysql Project Dbd-mysql 3.0001_2 All All All
Application Dbd-mysql Project Dbd-mysql 3.0001_3 All All All
Application Dbd-mysql Project Dbd-mysql 3.0002_1 All All All
Application Dbd-mysql Project Dbd-mysql 3.0002_2 All All All
Application Dbd-mysql Project Dbd-mysql 3.0002_3 All All All
Application Dbd-mysql Project Dbd-mysql 3.0002_4 All All All
Application Dbd-mysql Project Dbd-mysql 3.0002_5 All All All
Application Dbd-mysql Project Dbd-mysql 3.0003_1 All All All
Application Dbd-mysql Project Dbd-mysql 3.0004_1 All All All
Application Dbd-mysql Project Dbd-mysql 3.0005 All All All
Application Dbd-mysql Project Dbd-mysql 3.0005_1 All All All
Application Dbd-mysql Project Dbd-mysql 3.0007_2 All All All
Application Dbd-mysql Project Dbd-mysql 3.0008_1 All All All
Application Dbd-mysql Project Dbd-mysql 3.0009_1 All All All
Application Dbd-mysql Project Dbd-mysql 4.00 All All All
Application Dbd-mysql Project Dbd-mysql 4.001 All All All
Application Dbd-mysql Project Dbd-mysql 4.002 All All All
Application Dbd-mysql Project Dbd-mysql 4.003 All All All
Application Dbd-mysql Project Dbd-mysql 4.004 All All All
Application Dbd-mysql Project Dbd-mysql 4.005 All All All
Application Dbd-mysql Project Dbd-mysql 4.006 All All All
Application Dbd-mysql Project Dbd-mysql 4.007 All All All
Application Dbd-mysql Project Dbd-mysql 4.008 All All All
Application Dbd-mysql Project Dbd-mysql 4.009 All All All
Application Dbd-mysql Project Dbd-mysql 4.010 All All All
Application Dbd-mysql Project Dbd-mysql 4.011 All All All
Application Dbd-mysql Project Dbd-mysql 4.012 All All All
Application Dbd-mysql Project Dbd-mysql 4.013 All All All
Application Dbd-mysql Project Dbd-mysql 4.014 All All All
Application Dbd-mysql Project Dbd-mysql 4.015 All All All
Application Dbd-mysql Project Dbd-mysql 4.016 All All All
Application Dbd-mysql Project Dbd-mysql 4.017 All All All
Application Dbd-mysql Project Dbd-mysql 4.018 All All All
Application Dbd-mysql Project Dbd-mysql 4.019 All All All
Application Dbd-mysql Project Dbd-mysql 4.020 All All All
Application Dbd-mysql Project Dbd-mysql 4.021 All All All
Application Dbd-mysql Project Dbd-mysql 4.022 All All All
Application Dbd-mysql Project Dbd-mysql 4.023 All All All
Application Dbd-mysql Project Dbd-mysql 4.024 All All All
Application Dbd-mysql Project Dbd-mysql 4.025 All All All
Application Dbd-mysql Project Dbd-mysql 4.026 All All All
Application Dbd-mysql Project Dbd-mysql 4.027 All All All
Application Dbd-mysql Project Dbd-mysql 4.028 All All All
Application Dbd-mysql Project Dbd-mysql 4.029 All All All
Application Dbd-mysql Project Dbd-mysql 4.030_01 All All All
Application Dbd-mysql Project Dbd-mysql 4.030_02 All All All
Application Dbd-mysql Project Dbd-mysql 4.031 All All All
Application Dbd-mysql Project Dbd-mysql 4.032 All All All
Application Dbd-mysql Project Dbd-mysql 4.032_01 All All All
Application Dbd-mysql Project Dbd-mysql 4.032_02 All All All
Application Dbd-mysql Project Dbd-mysql 4.032_03 All All All
Application Dbd-mysql Project Dbd-mysql 4.033 All All All
Application Dbd-mysql Project Dbd-mysql 4.033_01 All All All
Application Dbd-mysql Project Dbd-mysql 4.033_02 All All All
Application Dbd-mysql Project Dbd-mysql 4.033_03 All All All
Application Dbd-mysql Project Dbd-mysql 4.034 All All All
Application Dbd-mysql Project Dbd-mysql 4.035 All All All
Application Dbd-mysql Project Dbd-mysql 4.035_01 All All All
Application Dbd-mysql Project Dbd-mysql 4.035_02 All All All
Application Dbd-mysql Project Dbd-mysql 4.035_03 All All All
Application Dbd-mysql Project Dbd-mysql 4.036 All All All
Application Dbd-mysql Project Dbd-mysql 4.037 All All All
Application Dbd-mysql Project Dbd-mysql 4.037_01 All All All
Application Dbd-mysql Project Dbd-mysql 4.038 All All All
Application Dbd-mysql Project Dbd-mysql 4.038_01 All All All
Application Dbd-mysql Project Dbd-mysql 4.039 All All All
Application Dbd-mysql Project Dbd-mysql 4.040 All All All

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Na DBDmysql Before 4.041 affected DBD::mysql before 4.041 Not specified

References

ReferenceSourceLinkTags
DBD::mysql CVE-2016-1251 Use After Free Remote Code Execution Vulnerability af854a3a-2127-422b-91ae-364da2661108 www.securityfocus.com Third Party Advisory, VDB Entry
Fix use-after-free for repeated fetchrow_arrayref calls when mysql_se… · perl5-dbi/DBD-mysql@3619c17 · GitHub af854a3a-2127-422b-91ae-364da2661108 github.com Issue Tracking, Patch, Third Party Advisory
DBD::mysql: Multiple vulnerabilities (GLSA 201701-51) — Gentoo security af854a3a-2127-422b-91ae-364da2661108 security.gentoo.org
Debian Package Tracker af854a3a-2127-422b-91ae-364da2661108 tracker.debian.org Third Party Advisory
oss-security - CVE-2016-1251 - use after free in DBD::mysql when using prepared statements - medium af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
pkg-perl/packages/libdbd-mysql-perl - Debian packaging of libdbd-mysql-perl af854a3a-2127-422b-91ae-364da2661108 anonscm.debian.org Issue Tracking, Patch, Third Party Advisory
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 710496 Gentoo Linux DBD Vulnerability (GLSA 201701-51)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report