oss-sec mailing list archives
Re: Use after free in my_login() function of DBD::mysql (Perl module)
From: cve-assign () mitre org
Date: Tue, 26 Jul 2016 21:32:03 -0400 (EDT)
https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html

DBD::mysql versions 4.033 and earlier have a use after free bug in the my_login() function. DBD::mysql is a Perl module providing bindings to the mysql database. The issue was fixed in version 4.034.

https://github.com/perl5-dbi/DBD-mysql/pull/45

When my_login fails the code tries to call mysql_errno on the mysql connection. However my_login has already free'd that connection variable, therefore causing a use-after-free error. This patch changes that so that the free happens after the call to the error functions.

https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156
Use CVE-2015-8949.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]
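The ordering problem quoted in the message above, as an added C model; it is not code from DBD::mysql or from the linked patch. The names conn_t, conn_login, conn_errno and conn_release and the error code 1045 are constructed for illustration, and "release" only marks the handle dead so the stale read can be counted instead of being undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a client library handle; not the MySQL C API. */
typedef struct { int live; unsigned err; } conn_t;
static int stale_reads;                 /* accesses made after release */

static conn_t *conn_new(void) { conn_t *c = calloc(1, sizeof *c); if (c) c->live = 1; return c; }

/* Marks the handle dead and wipes it instead of calling free(), so the stale
   read below stays well defined. With a real free() that read is undefined
   behaviour, which AddressSanitizer would flag as a heap use after free. */
static void conn_release(conn_t *c) { c->err = 0; c->live = 0; }

static unsigned conn_errno(const conn_t *c) {
    if (!c->live) stale_reads++;        /* handle queried after release */
    return c->err;
}

/* Constructed login: fails with sample error 1045 unless pw matches.
   release_on_fail=1 models the callee releasing the handle on failure. */
static int conn_login(conn_t *c, const char *pw, int release_on_fail) {
    if (strcmp(pw, "correct") == 0) return 1;
    c->err = 1045;
    if (release_on_fail) conn_release(c);
    return 0;
}

/* Ordering described in the report: handle released, then queried. */
unsigned connect_before_fix(const char *pw) {
    conn_t *c = conn_new();
    if (!c) return 0;
    unsigned e = conn_login(c, pw, 1) ? 0 : conn_errno(c);
    free(c);
    return e;
}

/* Ordering after the fix: read the error first, release afterwards. */
unsigned connect_after_fix(const char *pw) {
    conn_t *c = conn_new();
    if (!c) return 0;
    unsigned e = 0;
    if (!conn_login(c, pw, 0)) { e = conn_errno(c); conn_release(c); }
    free(c);
    return e;
}

int main(void) {
    unsigned a = connect_before_fix("wrong"), b = connect_after_fix("wrong");
    printf("before fix: errno=%u, after fix: errno=%u, stale reads=%d\n", a, b, stale_reads);
    return 0;
}
```

In this model the stale read loses the error code; in the real library the same ordering reads freed heap memory.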
Current thread:
- Use after free in my_login() function of DBD::mysql (Perl module) Hanno Böck (Jul 25)
- Re: Use after free in my_login() function of DBD::mysql (Perl module) cve-assign (Jul 26)
- Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) lazytyped (Jul 28)
- Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) Hanno Böck (Jul 29)
- Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) lazytyped (Jul 29)
- Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) Hanno Böck (Jul 30)
- Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) Joshua J. Drake (Jul 31)