Description
The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.
Remediation
References
Related Vulnerabilities
WordPress Plugin Events Shortcodes For The Events Calendar Security Bypass (1.9.4)
Drupal Core 8.8.x Information Disclosure (8.8.0 - 8.8.9)
WordPress Plugin Fusion:Extension-Menu Multiple Unspecified Vulnerabilities (1.0.2)
Drupal Core 9.0.x Multiple Security Bypass Vulnerabilities (9.0.0 - 9.0.14)
Grafana Improper Input Validation Vulnerability (CVE-2022-39306)