oss-sec mailing list archives
Re: CVE Request: DBD-mysql: use-after-free in mysql_dr_error
From: cve-assign () mitre org
Date: Wed, 27 Jul 2016 11:47:46 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://github.com/perl5-dbi/DBD-mysql/pull/27 https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc https://rt.cpan.org/Public/Bug/Display.html?id=97625
https://rt.cpan.org/Public/Bug/Display.html?id=97625#txn-1393444
The big problem with lost connections is that business logic wants to keep reporting errors to a file in case of lost server connections. This is related to RT #85919, though the root cause is this use-after free here.
AddressSanitizer: heap-use-after-free
Use CVE-2014-9906. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXmNb9AAoJEHb/MwWLVhi2xlMQAK+b8lwVuQoS2/h2oq8BEQ2Y UQdhvmjnJimPcYAsRxW16QTRAMMDalk/JWy52Z9RrQawxtnBTstug/hjG9oFGBI9 jnBVlkD/x02u6XKau7cbbuVJNj3bDB6vH5nd/nmNOVphANn5QfUqRsARmW3PH7KK 0rtfvkQtv8DSvZlmAubbQNu3puGdZgxEyai9PWDxPMvih822s5qARfjKVz1N1D+n waFrLdPtt3msWsdVWpuezvIzLo219YQzjSJ8dOg0RDnFn3WVXOkV2SKC0JIrZG02 /JDhfZnVk8MxIKPHYrCtqOEdWqyvt2UEhWuyA272aotuB1zXw4CYNL3AfS49lOos WM/at9hwoDI7KQvI2Px4vfP0oinZplcGwxmW7IATI3hoDi6jPq3KbU/MVU1ifCfV swJvgD5FHJJUW0y5C7C8Wak9EgQ6B2aQUXwalKBGgQgAwkmuc1gXenKMWv6OLYRe xdKYpIdDnU7fxQQjwyPPQs5TVy1MPGqBuGCIL1E9xeKDMR92PqUb6i8bRxMY5bkt lFEZiEMh3OJ9JLL6x6gzLZFs3XOtmYUBRGG8JxBOpPjX0tjZsFUogBS3/CAOpsuZ Gzptk7MXfukP3AqC2D5ruGeDp8pF5TPPUhFhwcl51eQBZiIIcOr6tB8ZC7xHwxeh 5jAxK3akfvVbLAjehOMP =Daax -----END PGP SIGNATURE-----
Current thread:
- CVE Request: DBD-mysql: use-after-free in mysql_dr_error Salvatore Bonaccorso (Jul 27)
- Re: CVE Request: DBD-mysql: use-after-free in mysql_dr_error cve-assign (Jul 27)