Описание
There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.
Меры по смягчению последствий
This problem is only exposed when the user uses server-side prepared statement support (mysql_server_prepare=1), which is NOT default behavior and was turned off back for all drivers per MySQL AB decision in 2006 due to issues with server-side prepared statements in the server. Use the default driver setting which uses emulated prepared statements.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | perl-DBD-MySQL | Will not fix | ||
| Red Hat Enterprise Linux 6 | perl-DBD-MySQL | Will not fix | ||
| Red Hat Enterprise Linux 7 | perl-DBD-MySQL | Will not fix | ||
| Red Hat Software Collections | rh-perl520-perl-DBD-MySQL | Will not fix | ||
| Red Hat Software Collections | rh-perl524-perl-DBD-MySQL | Will not fix |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
5.1 Medium
CVSS2
Связанные уязвимости
There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.
There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.
There is a vulnerability of type use-after-free affecting DBD::mysql ( ...
There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.
7.5 High
CVSS3
5.1 Medium
CVSS2