CVE-2017-10788

CRITICAL9.8

The DBD::mysql module through 4

Published Jul 1, 2017

Modified 1 years ago

Details

The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.

References

WEBhttp://seclists.org/oss-sec/2017/q2/443 WEBhttp://www.securityfocus.com/bid/99374 WEBhttps://github.com/perl5-dbi/DBD-mysql/issues/120 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2017-10788

CVSS Analysis

CVSS v3.0

9.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedJul 1, 2017

ModifiedAug 5, 2024