CVE-2007-3780 — Improper Input Validation in Mysql Community Server

CWE-20 — Improper Input Validation6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

9.0%

top 7.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mysql Community Server

Timeline

PublishedJul 15

Latest updateMay 1

Description

MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmysql/community_server5.0.41

Patches

Patch: dev.mysql.com ↗Patch: dev.mysql.com ↗

🔴Vulnerability Details

GHSA

GHSA-r3rh-93q9-6h72: MySQL Community Server before 5↗2022-05-01

▶

CVEList

CVE-2007-3780: MySQL Community Server before 5↗2007-07-15

▶

📋Vendor Advisories

Ubuntu

MySQL vulnerabilities↗2007-10-11

▶

Red Hat

mysql malformed password crasher↗2007-07-04

▶

💬Community

Bugzilla

CVE-2007-3780 mysql malformed password crasher↗2007-08-24

▶