HIGH7.5
Уязвимость модуля DBD::mysql драйвера DBD::mysql, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
ALT-PU-2018-1256-1Package update perl-DBD-mysql in branch sisyphus
Severity:
Closed issues (3)
CRITICAL9.8
The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMEDIUM5.9
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:NCVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NReferences
- http://www.securityfocus.com/bid/99364
- https://github.com/perl5-dbi/DBD-mysql/issues/110
- https://github.com/perl5-dbi/DBD-mysql/issues/140
- https://github.com/perl5-dbi/DBD-mysql/pull/114
- http://www.securityfocus.com/bid/99364
- https://github.com/perl5-dbi/DBD-mysql/issues/110
- https://github.com/perl5-dbi/DBD-mysql/issues/140
- https://github.com/perl5-dbi/DBD-mysql/pull/114