Description

Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function.

Remediation

References

CVE-2010-3064

Related Vulnerabilities

WordPress Plugin MyPixs Local File Inclusion (0.3)

ownCloud Improper Access Control Vulnerability (CVE-2016-9462)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (6.4.2)

WordPress Plugin User Photo 'user-photo.php' Arbitrary File Upload (0.9.4)

PleskWin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-0132)

Severity

Medium

Classification

CVE-2010-3064 CWE-119

Tags

Missing Update Known Vulnerabilities