CVE-2005-2558 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mysql

5 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

14.8%

top 5.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mysql Oracle Mysql

Timeline

PublishedAug 16

Latest updateMay 3

Description

Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶NVDmysql/mysql7 versions+6

▶NVDoracle/mysql27 versions+26

Patches

Patch: lists.grok.org.uk ↗Patch: www.appsecinc.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-qxmx-9x27-fp8j: Stack-based buffer overflow in the init_syms function in MySQL 4↗2022-05-03

▶

📋Vendor Advisories

Ubuntu

MySQL 4.1 vulnerability↗2005-12-05

▶

Ubuntu

MySQL vulnerability↗2005-09-12

▶

📄Research Papers

arXiv

DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees↗2013-03-29

▶