Vulnerability Details : CVE-2015-8949
Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.
Vulnerability category: Memory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2015-8949
Probability of exploitation activity in the next 30 days: 0.90%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-8949
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2015-8949
-
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8949
-
http://www.debian.org/security/2016/dsa-3635
Debian -- Security Information -- DSA-3635-1 libdbd-mysql-perlThird Party Advisory
-
https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes
DBD-mysql/Changes at 4.033_01 · perl5-dbi/DBD-mysql · GitHubRelease Notes
-
http://www.openwall.com/lists/oss-security/2016/07/27/1
oss-security - Re: Use after free in my_login() function of DBD::mysql (Perl module)Mailing List;Third Party Advisory
-
https://github.com/perl5-dbi/DBD-mysql/pull/45
Fix use after free error. by hannob · Pull Request #45 · perl5-dbi/DBD-mysql · GitHubIssue Tracking;Patch
-
https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html
Use after free in my_login() function of DBD::mysql (Perl module) | The Fuzzing ProjectThird Party Advisory
-
http://www.securityfocus.com/bid/92118
DBD::mysql 'my_login()' Function Use After Free Remote Code Execution Vulnerability
-
http://www.openwall.com/lists/oss-security/2016/07/25/13
oss-security - Use after free in my_login() function of DBD::mysql (Perl module)Mailing List;Third Party Advisory
-
https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156
Merge pull request #45 from hannob/master · perl5-dbi/DBD-mysql@cf0aa77 · GitHubIssue Tracking;Patch
-
https://security.gentoo.org/glsa/201701-51
DBD::mysql: Multiple vulnerabilities (GLSA 201701-51) — Gentoo security
Products affected by CVE-2015-8949
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.033:*:*:*:*:*:*:*