mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2010-08-20T19:00:00
Updated: 2010-09-30T09:00:00
Reserved: 2010-08-20T00:00:00
Link: CVE-2010-3062
JSON object: View
NVD Information
Status : Modified
Published: 2010-08-20T20:00:03.000
Modified: 2010-12-07T06:50:28.843
Link: CVE-2010-3062
JSON object: View
Redhat Information
No data.
CWE