CVE-2006-3469

Published Jul 21, 2006

Last updated a month ago

CVSS info 4.0

Overview

Description: Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-134

Hype score: Not currently trending

Vendor comments

Red HatThis issue was addressed in mysql packages as shipped in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2008-0768.html This issue did not affect mysql packages as shipped with Red Hat Enterprise Linux 2.1, 3, or 5, and Red Hat Application Stack v1 and v2.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mysql:mysql:4.1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADBEDF5A-5205-4012-B9B8-0FA304E7119A"
          },
          {
            "criteria": "cpe:2.3:a:mysql:mysql:4.1.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AC969A5-52CC-44F2-A929-DE559A5D7624"
          },
          {
            "criteria": "cpe:2.3:a:mysql:mysql:4.1.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A4D224C-8ABF-41A0-A7BE-C10C2387DE95"
          },
          {
            "criteria": "cpe:2.3:a:mysql:mysql:4.1.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DD36E9E-89A0-42C2-AC50-7A5BC53B3D0F"
          },
          {
            "criteria": "cpe:2.3:a:mysql:mysql:4.1.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C93CE88F-2941-4A08-9472-359CF214F81C"
          },
          {
            "criteria": "cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDA03768-74D2-4C5D-ABCF-8A91F9E6C273"
          },
          {
            "criteria": "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "542B23CB-7535-4EF7-B926-466A5161A0D4"
          },
          {
            "criteria": "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45E686C3-4100-465C-9F45-068580B496E5"
          },
          {
            "criteria": "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E9F09D8-6FAE-4A5B-AE04-248CD52C5FF4"
          },
          {
            "criteria": "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB618DB2-6B00-4E99-8232-937D2C51986B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:4.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66C06765-D153-4D4D-B8CD-DB2E386E082B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:4.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4297E6B7-6C5A-4D52-A66B-F9D1AE17E988"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:4.1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "141D83A9-89C2-456F-B70D-F274EBE3EAC7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:4.1.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0670E6AA-28B1-4B0C-84F9-F3F9F3E6ABDC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:4.1.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6769975-47A4-4D0A-9181-F59776D13D38"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:4.1.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E241159-FAA4-4DCF-AB68-BE36DF95D59A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:4.1.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB6995B6-B594-454B-BD26-EACFB8241DA2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:4.1.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC14E107-7C11-4D5B-994B-CCACFD62097E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1668BB5B-E7FB-4430-B8D5-89E308F5DD39"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:5.0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7777E919-FD4B-452B-88D7-165410C703F2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A56ACB60-EC2C-45AF-B923-B3A90A2F7AE1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67C52D66-3BCA-4854-BF09-CB6DF1AC0E48"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF54CC8D-B736-461D-B693-686E862EF969"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "053ACE9B-A146-42C0-ADB2-47F6119965D8"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30B4F891-2A03-45A8-A49C-7F8B8F7D8407"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References