Description

Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function.

Remediation

References

CVE-2006-0097

Related Vulnerabilities

MySQL CVE-2018-2647 Vulnerability (CVE-2018-2647)

WordPress Plugin Donation Block For PayPal Cross-Site Scripting (2.0.0)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3741)

Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7872)

WordPress Plugin Photo Gallery by Ays-Responsive Image Gallery SQL Injection (1.0.0)

Severity

High

Classification

CVE-2006-0097 CWE-119

Tags

Missing Update Known Vulnerabilities