CVE-2017-10788 — Use After Free in Project Dbd-mysql

CWE-416 — Use After Free13 documents8 sources
Severity
9.8CRITICALNVD
OSV5.9
EPSS
0.8%
top 26.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dbd-mysql Project Dbd-mysql
Timeline
PublishedJul 1
Latest updateApr 7

Description

The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

5
OSV
libdbd-mysql-perl vulnerabilities↗2025-04-07
â–¶
GHSA
GHSA-hx52-v9vv-vhp2: The DBD::mysql module through 4↗2022-05-17
â–¶
OSV
libdbd-mysql-perl vulnerabilities↗2022-04-01
â–¶
CVEList
CVE-2017-10788: The DBD::mysql module through 4↗2017-07-01
â–¶
OSV
CVE-2017-10788: The DBD::mysql module through 4↗2017-07-01
â–¶

📋Vendor Advisories

4
Ubuntu
libdbd-mysql-perl vulnerabilities↗2025-04-07
â–¶
Ubuntu
DBD::mysql vulnerabilities↗2022-04-01
â–¶
Red Hat
perl-DBD-MySQL: Use-after-free when calling mysql_stmt_error() after mysql_stmt_close()↗2017-06-08
â–¶
Debian
CVE-2017-10788: libdbd-mysql-perl - The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a ...↗2017
â–¶

💬Community

3
Bugzilla
CVE-2017-3635 mysql: C API unspecified vulnerability (CPU Jul 2017)↗2017-07-19
â–¶
Bugzilla
CVE-2017-10788 perl-DBD-MySQL: Use-after-free when calling mysql_stmt_error() after mysql_stmt_close()↗2017-07-04
â–¶
Bugzilla
CVE-2017-10788 CVE-2017-10789 perl-DBD-MySQL: various flaws [fedora-all]↗2017-07-04
â–¶
CVE-2017-10788 — Use After Free in Project Dbd-mysql | cvebase