Description

The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.

Remediation

References

CVE-2010-3063

Related Vulnerabilities

Perl Improper Certificate Validation Vulnerability (CVE-2023-31484)

Nginx Other Vulnerability (CVE-2016-0746)

WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Unspecified Vulnerability (1.9.3)

PHP Numeric Errors Vulnerability (CVE-2010-4645)

WordPress Plugin Menu Image Malware/Addware Notification (2.6.9)

Severity

Medium

Classification

CVE-2010-3063 CWE-119

Tags

Missing Update Known Vulnerabilities