Re: Use after free in my_login() function of DBD::mysql (Perl module)

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html
>
> DBD::mysql versions 4.033 and earlier have a use after free bug in the
> my_login() function. DBD::mysql is a Perl module providing bindings to
> the mysql database. The issue was fixed in version 4.034.
>
> https://github.com/perl5-dbi/DBD-mysql/pull/45

> > When my_login fails the code tries to call mysql_errno on the mysql
> > connection. However my_login has already free'd that connection
> > variable, therefore causing a use-after-free error.
> >
> > This patch changes that so that the free happens after the call to the
> > error functions.
> >
> > https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156

Use CVE-2015-8949.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXmA3NAAoJEHb/MwWLVhi2T50P/2JWP75tgnyR/hKJzXM3Tunj
W2mE0M2ELKLJj3e+CDn97LgOl2jsv2CcpIo3VGuTYMeHZ/99wP2HRp7da0WSYMBI
CILmexHgb4bLWCbUg5H1P+Af2CCHGWcGz9ZlW5epwBD/bNaWw8ESDI46ua9j/QYj
9qpXfVZdzKGlfnO891gnwwmjzWQXPOw0YGCNs9xCPD5FNcM6S+pnUEPc8GU6G1QW
EdhzJnoCFCBAZRSrgHsU6h5nSpoLALMm/0f/h5Z3JWLUhD+ZRUeB3KVE0h5k4XTI
a2JZT7WYJRA7RBiazy+NSR6eh0zwDz1cBeHrZwuWMZQIP3epyL5VkGBxNZAwjycC
HEGqVOO3LLiWbjStDE0s8vad6b1XUZmQgOTr/gWAnb1R+PJm7rNSzCW2YL3t1jNy
V0xKpt/k2XIcrblTs3yaVw3Z5vUqJ87PjstHyA0aKzO/ID3lhT6DkQiuX4alOp9s
TQRbdX4PBjyzYSl15lNYAEosdZJeL+LTSYVABeD/Psppl8lcOzjDGEshUALEDLYn
LZMHpRxB2L7as+foW4xS9k6ueAfpwZgO/wORVZOHPtZaIDNMB/E+ZUcP3ubMgoro
SClTjv8oW6RWfcaVTjet/+eu0UfojDo17OXlpgoltWfXLCOf+b1hu8K5qsHYb4/s
wmAXCt8jSR66BgFTq8ft
=fO5Z
-----END PGP SIGNATURE-----