oss-sec mailing list archives

CVE-2017-10788 for DBD::mysql (Re: [oss-security] Re: MySQL - use-after-free after mysql_stmt_close())

From: Pali Rohár <pali.rohar () gmail com>
Date: Mon, 3 Jul 2017 10:00:07 +0200

On Thursday 15 June 2017 15:50:42 Adam Maris wrote:

On Mon, 2017-06-12 at 23:47 +0200, Pali Rohár wrote:

Hello!

Any idea how to handle this particular problem?


Hi!

Given that Oracle (silently) updated the vulnerable example in their
documentation, this likely indicates the way to handle this -
applications that copied the vulnerable example needs to be fixed and
CVEs will be assigned per application.

Best Regards,


Hi! Just to note that Mitre now assigned CVE-2017-10788 for DBD::mysql:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10788

-- 
Pali Rohár
pali.rohar () gmail com

Current thread:

CVE-2017-10788 for DBD::mysql (Re: [oss-security] Re: MySQL - use-after-free after mysql_stmt_close()) Pali Rohár (Jul 03)