CVE-2010-3064

Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function.

Published : 2010-08-20 20:00 Updated : 2010-12-07 06:50

6.8
CVSS Score More info
Score 6.8 / 10
6.8
Vendor Product Version URI
Php Php 5.3.2 cpe:/a:php:php:5.3.2
Php Php 5.3.1 cpe:/a:php:php:5.3.1
Php Php 5.3.0 cpe:/a:php:php:5.3.0
  1. Php (1) Search CVE
    1. Php (3) Search CVE
      1. 5.3.2
      2. 5.3.1
      3. 5.3.0

CWE

ID Name Description Links
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. CVE

History of changes

Date Event
2010-08-20 20:00

New CVE