10

CVE-2014-9906

Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version8.0
Dbd-mysql ProjectDbd-mysql Version <= 4.028
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.03% 0.924
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog
Release Notes
http://www.debian.org/security/2016/dsa-3635
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/07/27/5
VDB Entry
Mailing List
http://www.openwall.com/lists/oss-security/2016/07/27/6
VDB Entry
Mailing List
http://www.securityfocus.com/bid/92149
https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc
Patch
Issue Tracking
https://rt.cpan.org/Public/Bug/Display.html?id=97625
Issue Tracking