CVE-2006-1518

Description

Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.

CVSS Metrics

• v2.0•MEDIUM•Score: 6.5AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 42.79%• Percentile: 98%

Affected Systems

• mysql•mysql

  5.0.1 | 5.0.2 | 5.0.3 | 5.0.4 | 5.0.5 | 5.0.10 | 5.0.15 | 5.0.16 | 5.0.17 | 5.0.20

• oracle•mysql

  5.0.0:alpha | 5.0.3:beta | 5.0.6 | 5.0.7 | 5.0.8 | 5.0.9 | 5.0.11 | 5.0.12 | 5.0.13 | 5.0.14 | 5.0.18 | 5.0.19

References (21)

• http://www.securityfocus.com/archive/1/432734/100/0/threaded
• http://secunia.com/advisories/19929
• http://www.wisec.it/vulns.php?page=8
• http://www.debian.org/security/2006/dsa-1079
• http://www.vupen.com/english/advisories/2006/1633
• http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html
• http://securityreason.com/securityalert/839
• http://www.novell.com/linux/security/advisories/2006-06-02.html
• http://www.securityfocus.com/bid/17780
• http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html
• http://secunia.com/advisories/20241
• http://secunia.com/advisories/20762
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26232
• http://secunia.com/advisories/20333
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365939
• http://securitytracker.com/id?1016016
• http://www.debian.org/security/2006/dsa-1071
• http://secunia.com/advisories/20253
• http://secunia.com/advisories/20457
• http://www.debian.org/security/2006/dsa-1073
• http://www.kb.cert.org/vuls/id/602457