cbcvebase.
CVE-2009-2446
published 2009-07-13

Priority P344 · high · 8.5 (CVSS 2.0)
AV:N/AC:M/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 10.59% (95.2th percentile)
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.

Affected

111 ranges · showing 25
Vendor | Product | Version range | Fixed in
mysql | mysql

CVSS provenance

nvd · v2.0 · 8.5 · HIGH · AV:N/AC:M/Au:S/C:C/I:C/A:C
vendor_redhat · 8.5 · HIGH
vendor_ubuntu · 4.6 · MEDIUM