CVE-2015-8949
Gentoo Linux Security Advisory 201701-51
Severity Score
Exploit Likelihood
Affected Versions
2Public Exploits
0Exploited in Wild
-Decision
Descriptions
Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.
Vulnerabilidad de uso después de liberación de memoria en la función my_login en DBD::mysql en versiones anteriores a 4.033_01 permite a atacantes tener impacto no especificado aprovechando una llamada a mysql_errno despúes de un fallo de my_login.
It was discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. Hanno Boeck discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-07-26 CVE Reserved
- 2016-07-29 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/07/25/13 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2016/07/27/1 | Mailing List |
|
| http://www.securityfocus.com/bid/92118 | Vdb Entry | |
| https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DB... | Third Party Advisory | |
| https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes | Release Notes |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2016/dsa-3635 | 2017-07-01 | |
| https://security.gentoo.org/glsa/201701-51 | 2017-07-01 |