Medium severity5.9NVD Advisory· Published Feb 17, 2017· Updated May 13, 2026

CVE-2016-1249

Description

The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2016/11/16/1nvdMailing ListMitigationPatchThird Party Advisory
github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabenvdPatchThird Party Advisory
cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/ChangesnvdRelease NotesVendor Advisory
www.securityfocus.com/bid/94350nvdThird Party AdvisoryVDB Entry
security.gentoo.org/glsa/201701-51nvd

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000