CVE-2008-3963

Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 10 Sept 2008, 15:00
Last modified:07 Aug 2024, 10:00

Vulnerability Summary

Overall Risk (default)
medium
27/100
CVSS Score
4 MEDIUM
v2.0 (nvd)
EPSS Score
5.42% LOW
5% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected

Timeline

10 Sept 2008, 15:00
Published
Vulnerability first disclosed
07 Aug 2024, 10:00
Last Modified
Vulnerability information updated

Description

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

CVSS Metrics

  • v2.0MEDIUMScore: 4AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 5.42% Percentile: 90%

Techniques & Countermeasures

  • CWE-134Use of Externally-Controlled Format String

    The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Systems

  • mysqlmysql

    5.0.0 | 5.0.1 | 5.0.2 | 5.0.3 | 5.0.4 | 5.0.5 | 5.0.5.0.21 | 5.0.10 | 5.0.15 | 5.0.16 | 5.0.17 | 5.0.20 | 5.0.22.1.0.1 | 5.0.24 | 5.0.30 | 5.0.36 | 5.0.44 | 5.0.54 | 5.0.56 | 5.0.60 | 5.1.5 | 5.1.23

  • oraclemysql

    5.0.0:alpha | 5.0.6 | 5.0.23 | 5.0.25 | 5.0.26 | 5.0.30:sp1 | 5.0.32 | 5.0.33 | 5.0.38 | 5.0.41 | 5.0.42 | 5.0.45 | 5.0.50 | 5.0.51 | 5.0.52 | 5.1 | 5.1.1 | 5.1.2 | 5.1.3 | 5.1.4 | 5.1.6 | 5.1.7 | 5.1.8 | 5.1.9 | 5.1.10 | 5.1.11 | 5.1.12 | 5.1.13 | 5.1.14 | 5.1.15 | 5.1.16 | 5.1.17 | 5.1.18 | 5.1.19 | 5.1.20 | 5.1.21 | 5.1.22 | 6.0.0 | 6.0.1 | 6.0.2 | 6.0.3 | 6.0.4

References (23)