Remote Memory Exposure

2018-04-24T20:43:25
ID NODEJS:602
Type nodejs
Reporter Сковорода Никита Андреевич
Modified 2019-06-24T15:22:03

Description

Overview

Versions of mysql before 2.14.0 are vulnerable to remote memory exposure.

Affected versions of the mysql package allocate uninitialized memory and send it over the network when a number is provided as the password.

Only mysql running on Node.js versions below 6.0.0 is affected, because newer Node.js versions throw an error in this case instead.

Proof of Concept:

    require('mysql').createConnection({
      host     : 'localhost',
      user     : 'user',
      password : USERPROVIDEDINPUT, // number
      database : 'my_db'
    }).connect();

Recommendation

Update to version 2.14.0 or later.
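For auditing a deployment against the two conditions above and guarding callers until the upgrade lands, the following is an added example, not code from this advisory or from the mysql project. The function names (`parseVersion`, `lessThan`, `isExposed`, `checkedConfig`, `demo`) are hypothetical and the sample request body is constructed.

```javascript
// Added example: helper names are hypothetical, not part of the mysql package.

// Parse "v4.9.1" or "2.13.0" into [major, minor, patch]; pre-release tags are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new TypeError('unrecognised version: ' + v);
  return m.slice(1).map(Number);
}

// True when version a is strictly lower than version b (numeric, not string, comparison).
function lessThan(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// The advisory's two conditions: mysql before 2.14.0 AND Node.js below 6.0.0.
function isExposed(mysqlVersion, nodeVersion) {
  return lessThan(mysqlVersion, '2.14.0') && lessThan(nodeVersion, '6.0.0');
}

// Defence in depth for callers: refuse any password that is not a string,
// so a number parsed from JSON never reaches the driver.
function checkedConfig(config) {
  const pw = config.password;
  if (pw !== undefined && typeof pw !== 'string') {
    throw new TypeError('password must be a string, got ' + typeof pw);
  }
  return config;
}

// Constructed sample input: a request body where the password arrives as a number.
const untrusted = JSON.parse('{"host":"localhost","user":"user","password":4096}');

// Returns 'accepted' or the rejection message for the constructed input.
function demo() {
  try {
    checkedConfig(untrusted);
    return 'accepted';
  } catch (e) {
    return e.message;
  }
}

console.log(isExposed('2.13.0', 'v4.9.1'), demo());
```

In a real project, pass the installed package version and `process.version` to `isExposed`, and wrap the object given to `createConnection` in `checkedConfig`.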