Description

mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.

Remediation

References

CVE-2010-3062

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28978)

Oracle Application Server Other Vulnerability (CVE-2002-1632)

WordPress Plugin All in One Webmaster Unspecified Vulnerability (11.0)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14820)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-10159)

Severity

Medium

Classification

CVE-2010-3062 CWE-200

Tags

Missing Update Known Vulnerabilities