[MDEV-12150] Security: Use-after free with mysql_close() - CVE-2017-3302 - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: 5.5.54, 10.0.29, 10.1.21, 10.2.4
Fix Version/s: 5.5.55, 10.0.30, 10.1.22, 10.2.5
Component/s: Scripts & Clients
Labels:
- client
- security
- upstream

Description

Hi, as far as I know MariaDB is vulnerable for the issue with CVE identifier CVE-2017-3302.
This issue has been fixed by Oracle in the MySQL codebase.

See description and fix at http://www.openwall.com/lists/oss-security/2017/02/11/11

Attachments

Issue Links

is duplicated by

MDEV-11933 Wrong usage of linked list in mysql_prune_stmt_list

Closed

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Michiel Beijen

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2017-02-28 13:50

Updated:: 2017-02-28 14:32

Resolved:: 2017-02-28 14:32

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.