Vulnerability Details CVE-2014-9906
Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 85.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog
- http://www.debian.org/security/2016/dsa-3635
- http://www.openwall.com/lists/oss-security/2016/07/27/5
- http://www.openwall.com/lists/oss-security/2016/07/27/6
- http://www.securityfocus.com/bid/92149
- https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc
- https://rt.cpan.org/Public/Bug/Display.html?id=97625
- http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog
- http://www.debian.org/security/2016/dsa-3635
- http://www.openwall.com/lists/oss-security/2016/07/27/5
- http://www.openwall.com/lists/oss-security/2016/07/27/6
- http://www.securityfocus.com/bid/92149
- https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc
- https://rt.cpan.org/Public/Bug/Display.html?id=97625
Products affected by CVE-2014-9906
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0000_0
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0001_1
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0001_2
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0001_3
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0002_1
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0002_2
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0002_3
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0002_4
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0002_5
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0003_1
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0004_1
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0005
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0005_1
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0007_2
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0008_1
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:3.0009_1
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.00
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.001
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.002
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.003
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.004
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.005
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.006
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.007
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.008
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.009
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.010
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.011
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.012
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.013
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.014
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.015
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.016
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.017
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.018
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.019
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.020
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.021
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.022
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.023
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.024
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.025
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.026
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.027
-
cpe:2.3:a:dbd-mysql_project:dbd-mysql:4.028
-
cpe:2.3:o:debian:debian_linux:8.0