CVE-2016-1249

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-1249
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1249.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-1249
Downstream
Related
Published
2017-02-17T02:59:10.780Z
Modified
2025-11-20T10:24:21.335425Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression.

References

Affected packages

Git / github.com/perl5-dbi/dbd-mysql

Affected ranges

Type
GIT
Repo
https://github.com/perl5-dbi/dbd-mysql
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
793b72b1a0baa5070adacaac0e12fd995a6fbabe

Affected versions

4.*

4.030_01
4.030_02
4.031
4.032
4.032_01
4.032_02
4.032_03
4.033
4.033_01
4.033_02
4.033_03
4.034
4.035
4.035_01
4.035_02
4.035_03
4.036
4.037
4.037_01
4.037_02
4.038
4.038_01

Other

4_012
4_013
4_014
4_015
4_019
4_020
4_022
4_022_1

Database specific

vanir_signatures

[
    {
        "target": {
            "file": "dbdimp.c",
            "function": "dbd_st_prepare"
        },
        "digest": {
            "length": 5881.0,
            "function_hash": "120431073301600613673628013866615804657"
        },
        "id": "CVE-2016-1249-0a716684",
        "deprecated": false,
        "source": "https://github.com/perl5-dbi/dbd-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "dbdimp.c"
        },
        "digest": {
            "line_hashes": [
                "214265951609978338369919005764549673471",
                "337680474871008106237811754070267632545",
                "234794358956907151003638356871999807988",
                "237521744197356870384458222050547815758",
                "220798814237120989767067474392529511298",
                "331143608554633616522052051664490092848",
                "30913731508193157968139537232519232360",
                "215049376307667819509985361231627269645",
                "10488226916656814461637432346760515264",
                "227585699423801418742859167953441539741",
                "323322230631569002577789083524386602641",
                "250147985199444582907250643855215510400",
                "143640525266906114507986831320702147654",
                "876462120217845295319115628975239597",
                "30753181665163020001249535813513267824",
                "183971193104132050144092120280517814351"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2016-1249-f323a6a9",
        "deprecated": false,
        "source": "https://github.com/perl5-dbi/dbd-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe",
        "signature_version": "v1",
        "signature_type": "Line"
    }
]