CVE-2010-3062

CVE-2010-3062 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.