Description
mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.
Remediation
References
Related Vulnerabilities
MySQL CVE-2022-21362 Vulnerability (CVE-2022-21362)
MySQL CVE-2019-2634 Vulnerability (CVE-2019-2634)
WordPress Plugin WP Maintenance Mode Cross-Site Request Forgery (1.8.7)
WordPress Plugin Menu Swapper Cross-Site Request Forgery (1.1.0.2)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5492)