CVE-2004-0836 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Oracle Mysql

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

2.7%

top 14.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Mysql Debian Linux

Timeline

PublishedNov 3

Latest updateApr 29

Description

Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDoracle/mysql3.20 — 3.23.49+1

Also affects: Debian Linux 3.0

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-6f26-27c8-j6cv: Buffer overflow in the mysql_real_connect function in MySQL 4↗2022-04-29

▶

📋Vendor Advisories

Ubuntu

mysql vulnerabilities↗2004-11-25

▶

Red Hat

security flaw↗2004-06-04

▶

💬Community

Bugzilla

CVE-2004-0836 security flaw↗2018-08-16

▶