[#MDEV-12150] Security: Use-after free with mysql_close()

[MDEV-12150] Security: Use-after free with mysql_close() - CVE-2017-3302 Created: 2017-02-28 Updated: 2017-02-28 Resolved: 2017-02-28
Status:	Closed
Project:	MariaDB Server
Component/s:	Scripts & Clients
Affects Version/s:	5.5.54, 10.0.29, 10.1.21, 10.2.4
Fix Version/s:	5.5.55, 10.0.30, 10.1.22, 10.2.5

Type:

Bug

Priority:

Major

Reporter:

Michiel Beijen

Assignee:

Sergei Golubchik

Resolution:

Duplicate

Votes:

Labels:

client, security, upstream

Issue Links:

Duplicate
is duplicated by	~~MDEV-11933~~	Wrong usage of linked list in mysql_p...	Closed

Description

Hi, as far as I know MariaDB is vulnerable for the issue with CVE identifier CVE-2017-3302.
This issue has been fixed by Oracle in the MySQL codebase.

See description and fix at http://www.openwall.com/lists/oss-security/2017/02/11/11

Comments

Comment by Michiel Beijen [ 2017-02-28 ]

Sorry, this seems to be a duplicate of https://jira.mariadb.org/browse/MDEV-11933

Comment by Sergei Golubchik [ 2017-02-28 ]

yup, already fixed

Generated at Thu Feb 08 07:55:30 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-12150] Security: Use-after free with mysql_close() - CVE-2017-3302 Created: 2017-02-28 Updated: 2017-02-28 Resolved: 2017-02-28