Description
The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.
Remediation
References
Related Vulnerabilities
Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9268)
WordPress Plugin Simple:Press-WordPress Forum Arbitrary File Upload (6.6.0)
Undertow Incorrect Authorization Vulnerability (CVE-2017-12196)
WordPress Plugin WPPizza Cross-Site Scripting (2.11.8.17)
WordPress Plugin aoringo CAT setter Cross-Site Scripting (0.1.1)