{"id":"CVE-2016-1249","details":"The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression.","modified":"2026-04-16T06:17:51.949912221Z","published":"2017-02-17T02:59:10.780Z","related":["SUSE-SU-2017:0122-1","SUSE-SU-2017:0123-1","openSUSE-SU-2024:10186-1"],"references":[{"type":"ADVISORY","url":"http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94350"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-51"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/11/16/1"},{"type":"FIX","url":"https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/perl5-dbi/dbd-mysql","events":[{"introduced":"0"},{"last_affected":"7e3a83d1da5f5a554be14fef4302cd72759b8696"},{"fixed":"793b72b1a0baa5070adacaac0e12fd995a6fbabe"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.038_01"}]}}],"versions":["4.030_01","4.030_02","4.031","4.032","4.032_01","4.032_02","4.032_03","4.033","4.033_01","4.033_02","4.033_03","4.034","4.035","4.035_01","4.035_02","4.035_03","4.036","4.037","4.037_01","4.037_02","4.038","4.038_01","4_012","4_013","4_014","4_015","4_019","4_020","4_022","4_022_1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1249.json","vanir_signatures":[{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2016-1249-0a716684","digest":{"length":5881,"function_hash":"120431073301600613673628013866615804657"},"target":{"file":"dbdimp.c","function":"dbd_st_prepare"},"source":"https://github.com/perl5-dbi/dbd-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe"},{"source":"https://github.com/perl5-dbi/dbd-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe","id":"CVE-2016-1249-f323a6a9","signature_type":"Line","deprecated":false,"signature_version":"v1","target":{"file":"dbdimp.c"},"digest":{"threshold":0.9,"line_hashes":["214265951609978338369919005764549673471","337680474871008106237811754070267632545","234794358956907151003638356871999807988","237521744197356870384458222050547815758","220798814237120989767067474392529511298","331143608554633616522052051664490092848","30913731508193157968139537232519232360","215049376307667819509985361231627269645","10488226916656814461637432346760515264","227585699423801418742859167953441539741","323322230631569002577789083524386602641","250147985199444582907250643855215510400","143640525266906114507986831320702147654","876462120217845295319115628975239597","30753181665163020001249535813513267824","183971193104132050144092120280517814351"]}}],"vanir_signatures_modified":"2026-04-11T03:43:38Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}