The mysql_real_connect function does not properly handle DNS replies:
it copies the IP address into a buffer without any length checking.
A specially crafted DNS reply may therefore be used to cause a buffer
overflow on affected systems.
Note that whether this issue is exploitable depends on the
system library responsible for the gethostbyname function. The bug
finder, Lukasz Wojtow, explains this in the following words:
In glibc there is a limitation for an IP address to have only 4
bytes (obviously), but generally speaking the length of the address
comes with a response for DNS query (I know it sounds funny but
read RFC 1035 if you don't believe). This bug can occur on libraries
where gethostbyname function takes length from DNS's response
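
The length check the advisory says is missing, as an added example that is not MySQL's code and not part of the original advisory. The names copy_resolved_addr and try_constructed_result and the sample bytes are assumptions; the struct hostent is built by hand so the check runs without a resolver.

```c
#include <netdb.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Unchecked pattern of the kind the advisory describes (comment only): the
 * copy length comes from the resolver result, so a library that takes it
 * from the DNS reply can make the copy run past the 4-byte destination.
 *     memcpy(&sa->sin_addr, hp->h_addr_list[0], (size_t)hp->h_length);
 */

/* Checked copy: returns 0 on success, -1 when the result is not a well-formed
 * IPv4 address. copy_resolved_addr is a hypothetical helper name. */
int copy_resolved_addr(const struct hostent *hp, struct sockaddr_in *sa)
{
    if (hp == NULL || sa == NULL || hp->h_addr_list == NULL ||
        hp->h_addr_list[0] == NULL)
        return -1;
    if (hp->h_addrtype != AF_INET ||
        hp->h_length != (int)sizeof(sa->sin_addr))
        return -1;                      /* reject any length but 4 bytes */
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    memcpy(&sa->sin_addr, hp->h_addr_list[0], sizeof(sa->sin_addr));
    return 0;
}

/* Constructed resolver result standing in for gethostbyname() output.
 * claimed_len plays the role of a length field taken from a DNS reply;
 * the address bytes are sample data. */
int try_constructed_result(int addrtype, int claimed_len)
{
    static unsigned char rdata[64] = { 192, 0, 2, 10 };
    char *list[2] = { (char *)rdata, NULL };
    struct hostent he;
    struct sockaddr_in sa;

    memset(&he, 0, sizeof(he));
    he.h_addrtype = addrtype;
    he.h_length = claimed_len;
    he.h_addr_list = list;
    return copy_resolved_addr(&he, &sa);
}

int main(void)
{
    return try_constructed_result(AF_INET, 4) == 0 &&
           try_constructed_result(AF_INET, 64) == -1 ? 0 : 1;
}
```

The copy uses the size of the destination rather than h_length, so the write stays in bounds even if the validation above it is later changed.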