CVE-2002-1373 — Oracle Mysql vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

3.1%

top 13.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Mysql

Timeline

PublishedDec 23

Latest updateApr 30

Description

Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDoracle/mysql47 versions+46

Patches

Patch: www.redhat.com ↗Patch: www.securityfocus.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-fhww-cg6g-p27c: Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3↗2022-04-30

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-12-12

▶

💬Community

Bugzilla

CVE-2002-1373 security flaw↗2018-08-16

▶