CPANSA-DBD-MariaDB-2017-01: DBD-MariaDB vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2017-07-01T00:00:00	Engine	CSAF Perl Toolkit 0.25
Current release date	2017-07-01T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score	7.5	Severity
Original language		Language	en
Also referred to

Vulnerability Description

Leaking dangling pointers.

Vulnerabilities

CVE-2017-3302

Vulnerability Description

Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.

Weakness	CWE-416 : Use After Free

Product status

Known affected

Product

Score

DBD-MariaDB less than 1.00

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
3.0	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5	High
2.0	AV:N/AC:L/Au:N/C:N/I:N/A:P	5.0	Medium

Fixed

DBD-MariaDB greater than or equal 1.00

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-DBD-MariaDB-2017-01 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2017/cpansa-dbd-mariadb-2017-01.json
https://metacpan.org/changes/distribution/DBD-MariaDB external
https://metacpan.org/changes/distribution/DBD-MariaDB
CVE-2017-3302 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2017-3302

Revision history

Version	Date of the revision	Summary of the revision
1	Sat Jul 1 00:00:00 2017	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/