Metric | Value |
---|---|
CVSS2 | 7.5 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.952 High |
Percentile | 99.4% |

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before
5.5.35 allows remote database servers to cause a denial of service (crash)
and possibly execute arbitrary code via a long server version string.

Author | Note |
---|---|
mdeslaur | Looks like this was fixed in 5.5.37 |

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | mysql-5.5 | < 5.5.37-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | mysql-5.5 | < 5.5.37-0ubuntu0.12.10.1 | UNKNOWN |
ubuntu | 13.10 | noarch | mysql-5.5 | < 5.5.37-0ubuntu0.13.10.1 | UNKNOWN |
ubuntu | 14.04 | noarch | mysql-5.5 | < 5.5.37-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 14.10 | noarch | mysql-5.5 | < 5.5.37-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | mysql-5.6 | < 5.6.17-0ubuntu0.14.04.1 | UNKNOWN |

bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
osvdb.org/102713
bugzilla.redhat.com/show_bug.cgi?id=1054592
launchpad.net/bugs/cve/CVE-2014-0001
mariadb.com/kb/en/mariadb-5535-changelog/
nvd.nist.gov/vuln/detail/CVE-2014-0001
security-tracker.debian.org/tracker/CVE-2014-0001
ubuntu.com/security/notices/USN-2170-1
www.cve.org/CVERecord?id=CVE-2014-0001