Description
The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.
Remediation
References
Related Vulnerabilities
Moodle Other Vulnerability (CVE-2007-1429)
WordPress Plugin VIDEO GALLERY 'upload1.php' Arbitrary File Upload (1.3)
MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2025-50078)
WordPress Plugin YOP Poll Cross-Site Scripting (5.8.0)
TYPO3 Improper Input Validation Vulnerability (CVE-2011-4904)