Description
mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.
Remediation
References
Related Vulnerabilities
WordPress Plugin Copperleaf Photolog 'cplphoto.php' SQL Injection (0.16)
WordPress Plugin Under Construction Open Redirect (3.20)
MySQL CVE-2012-0583 Vulnerability (CVE-2012-0583)
Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2010-1433)
Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-28336)