A use-after-free vulnerability when using prepared statements was found in DBD::mysql. The function dbd_st_fetch() can, via Renew(), reallocate the output buffer for the mysql_stmt_fetch() call, but it does not update the pointer to that buffer in the imp_sth->stmt structure initialized by the mysql_stmt_bind_result() function. This leads to a use after free in any mysql function that accesses the imp_sth->stmt structure.
This vulnerability is present in all releases at least back to version 3.0 of the driver, which was released in 2005.
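The stale-pointer pattern described above, as an added, simplified model that is not the driver's code: the types bind_t and column_t and the functions bind_result(), grow_column() and bind_is_current() are hypothetical stand-ins for the bound-result record and the driver's buffer. It shows the flawed path (the buffer is reallocated, the bound pointer is left alone) beside the corrected one (the bind is refreshed after every reallocation).

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins: bind_t models the client library's record of where
 * to write a column; column_t models the driver's own output buffer. */
typedef struct { char *buffer; unsigned long buffer_length; } bind_t;
typedef struct { char *data; unsigned long length; } column_t;

/* Models the bind step: the library remembers the buffer address. */
static void bind_result(bind_t *b, const column_t *c) {
    b->buffer = c->data;
    b->buffer_length = c->length;
}

/* Grow the column buffer. Allocating the new block before freeing the old
 * one guarantees the address changes, as a moving reallocation would.
 * rebind == 0 models the flaw: the bind record keeps the freed address.
 * rebind != 0 models the fix: the bind record is refreshed.
 * Returns 0 on success, -1 on allocation failure. */
static int grow_column(column_t *c, bind_t *b, unsigned long new_len, int rebind) {
    char *p = calloc(new_len, 1);
    if (p == NULL) return -1;
    free(c->data);
    c->data = p;
    c->length = new_len;
    if (rebind) bind_result(b, c);
    return 0;
}

/* Invariant to check before any call that writes through the bind record.
 * The length is compared first, so a stale pointer is never even read. */
static int bind_is_current(const bind_t *b, const column_t *c) {
    return b->buffer_length == c->length && b->buffer == c->data;
}

/* One bind/grow cycle: returns 1 if the bind is still valid, 0 if stale. */
static int demo(int rebind) {
    column_t col = { calloc(16, 1), 16 };
    bind_t bind;
    int ok;
    if (col.data == NULL) return -1;
    bind_result(&bind, &col);
    if (grow_column(&col, &bind, 4096, rebind) != 0) { free(col.data); return -1; }
    ok = bind_is_current(&bind, &col);
    free(col.data);
    return ok;
}

int main(void) {
    printf("without rebind: %d, with rebind: %d\n", demo(0), demo(1));
    return 0;
}
```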
Created perl-DBD-MySQL tracking bugs for this issue:
Affects: fedora-all [bug 1399581]
This problem is only exposed when the user uses server-side prepared statement support (mysql_server_prepare=1), which is NOT the default behavior and was turned off for all drivers back in 2006, per a MySQL AB decision, due to issues with server-side prepared statements in the server.
Use the default driver setting which uses emulated prepared statements.