PHP Mysqlnd Extension Information Disclosure And Multiple Buffer Overflow Vulnerabilities Network Vulnerability

Summary

The PHP Mysqlnd extension is prone to an information-disclosure vulnerability and multiple buffer-overflow vulnerabilities. Successful exploits can allow attackers to obtain sensitive information or to execute arbitrary code in the context of applications using the vulnerable PHP functions. Failed attempts may lead to a denial-of-service condition. PHP 5.3 through 5.3.2 are vulnerable.

References

http://php-security.org/2010/05/31/mops-2010-056-php-php_mysqlnd_ok_read-information-leak-vulnerability/index.html
http://php-security.org/2010/05/31/mops-2010-057-php-php_mysqlnd_rset_header_read-buffer-overflow-vulnerability/index.html
http://php-security.org/2010/05/31/mops-2010-058-php-php_mysqlnd_read_error_from_line-buffer-overflow-vulnerability/index.html
http://php-security.org/2010/05/31/mops-2010-059-php-php_mysqlnd_auth_write-stack-buffer-overflow-vulnerability/index.html
http://www.php.net/
http://www.php.net/manual/en/book.mysqlnd.php
http://www.securityfocus.com/bid/40461

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AdaptBB Multiple Input Validation Vulnerabilities
Assesi 'bg' Parameter SQL Injection vulnerability
AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities
ARRIS 2307 Unprotected Web Console
Apache Archiva Multiple Remote Command Execution Vulnerabilities

PHP Mysqlnd Extension Information Disclosure and Multiple Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities