CVE-2010-3063

The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.

Published: 2010-08-20 20:00
Updated: 2010-12-07 06:50

CVSS Score: 5.0 / 10
| Vendor | Product | Version | URI |
|---|---|---|---|
| Php | Php | 5.3.2 | cpe:/a:php:php:5.3.2 |
| Php | Php | 5.3.1 | cpe:/a:php:php:5.3.1 |
| Php | Php | 5.3.0 | cpe:/a:php:php:5.3.0 |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. |

History of changes

| Date | Event |
|---|---|
| 2010-08-20 20:00 | New CVE |