CVE-2017-10788

Published: Jul 1, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.

Affected (1)

Products: Dbd Mysql Project: Dbd Mysql

Dbd Mysql Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dbd Mysql Project Dbd Mysql	Up to 4.043

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (6)

http://seclists.org/oss-sec/2017/q2/443

Source: cve@mitre.org

Mailing ListVDB Entry

http://www.securityfocus.com/bid/99374

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://github.com/perl5-dbi/DBD-mysql/issues/120

Source: cve@mitre.org

Third Party Advisory

http://seclists.org/oss-sec/2017/q2/443

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVDB Entry

http://www.securityfocus.com/bid/99374

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://github.com/perl5-dbi/DBD-mysql/issues/120

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.