CVE-2010-3064 : Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 all

Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function.

Published 2010-08-20 20:00:03

Updated 2010-12-07 06:50:29

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Threat overview for CVE-2010-3064

Top countries where our scanners detected CVE-2010-3064

Top open port discovered on systems with this issue 80

IPs affected by CVE-2010-3064 2,755

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2010-3064!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2010-3064

Probability of exploitation activity in the next 30 days: 0.88%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-3064

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2010-3064

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-3064

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2010:018

CVEs referencing this url
http://php-security.org/2010/05/31/mops-2010-059-php-php_mysqlnd_auth_write-stack-buffer-overflow-vulnerability/index.html

MOPS-2010-059: PHP php_mysqlnd_auth_write() Stack Buffer Overflow Vulnerability « the Month of PHP Security
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2010:017

CVEs referencing this url
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?r1=298701&r2=298703&pathrev=298703

PHP: Diff of /php/php-src/branches/PHP_5_3/NEWS
Patch

CVEs referencing this url
http://svn.php.net/viewvc?view=revision&revision=298703

PHP: Revision 298703

CVEs referencing this url

Products affected by CVE-2010-3064