Main Vulnerability Database Vulnerabilities #VU13110

Man-in-the-middle attack in dbd-mysql - CVE-2017-10788

Published: May 29, 2018 / Updated: May 31, 2018

Vulnerability identifier: #VU13110

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-10788

CWE-ID: CWE-300

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: CPAN

Affected software:
dbd-mysql

Detailed vulnerability description

The vulnerability allows a remote attacker to conduct man-in-the-middle attack on the target system.

The vulnerability exists due to use-after-free error when improper certificate validation. A remote attacker can conduct man-in-the-middle attack, intercept of the communication channel between the affected app, trigger (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server and cause the service to crash.

How to mitigate CVE-2017-10788

Install update from vendor's website.

Sources

https://github.com/perl5-dbi/DBD-mysql/issues/120

Man-in-the-middle attack in dbd-mysql - CVE-2017-10788

Detailed vulnerability description

How to mitigate CVE-2017-10788

Sources

Please verify you're human