CVE-2006-1516
published 2006-05-05

Priority: P3 · 38 · medium · 5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 33.50% (98.2th percentile)

The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.

Affected

67 ranges (25 shown)
Vendor | Product | Version range | Fixed in
mysql | mysql | |
oracle | mysql | |

Detection & IOCs (extracted from sources)

path: /tmp/mysql2.sock
bytes:
0x3d,0x00,0x00,0x01,0x0d,0xa6,0x03,0x00,0x00,0x00,0x00,0x01,0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x41,0x41,0x41,0x41,0x41,0x41,0x14,0x99,0xdb,0x54,0xb6,0x6a,0xd7,0xc2,0x86,0x4c,0x50,0xa8,0x14,0xfe,0x2e,0x98,0x27,0x72,0x0d,0xad,0x45,0x73,0x00
  • Detect malformed MySQL login packets containing a username field with no trailing null byte — the exploit sends a crafted anonymous login packet (65 bytes) to trigger a buffer over-read in check_connection().
  • Monitor MySQL login traffic for anonymous login attempts (empty/null username) without a null terminator; the exploit uses a fixed 65-byte packet with 0x41 padding in the username field.
  • The vulnerable code path is the check_connection function in sql_parse.cc; patch or upgrade to MySQL 4.0.27+, 4.1.19+, or 5.0.21+ to remediate.
  • The exploit supports both TCP and Unix domain socket (USOCK) connection modes; detection via network signatures will miss local Unix socket exploitation.

CVSS provenance

Source | CVSS version | Score | Severity | Vector
nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat | | 5.0 | MEDIUM |
vendor_ubuntu | | 5.0 | MEDIUM |