Description
mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.
Remediation
References
Related Vulnerabilities
WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.11)
Internet Information Services Other Vulnerability (CVE-2002-0147)
WordPress Plugin Yoast SEO Cross-Site Scripting (5.7.1)
WordPress Plugin WordPress Filter Gallery Security Bypass (0.0.6)
WordPress Plugin WP SVG Icons Cross-Site Request Forgery (3.2.1)