cbcvebase.
CVE-2010-1850
published 2010-06-08

CVE-2010-1850: Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with…

PriorityP343medium6CVSS 2.0
AVNACMAuSCPIPAP
EPSS
21.79%
97.3th percentile
Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.

Affected

85 ranges· showing 25
VendorProductVersion rangeFixed in
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
oraclemysql
oraclemysql

Detection & IOCsextracted from sources · hover to see the quote

commandCOM_FIELD_LIST
  • Monitor MySQL traffic for COM_FIELD_LIST command packets containing abnormally long table name fields, which may indicate a buffer overflow exploitation attempt.
  • Alert on authenticated MySQL sessions issuing COM_FIELD_LIST with table name arguments that exceed normal length bounds, as this is the specific attack vector for CVE-2010-1850.
  • Affected versions are MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47; flag any such version exposed to authenticated remote users as high-priority for patching.
  • ·Default compiler options (e.g. stack protection) on some distributions reduce the vulnerability from remote code execution to denial of service only.
  • ·Red Hat Enterprise Linux 3 and 4 shipped versions of MySQL that were not affected by this CVE.
  • ·MySQL as shipped with Red Hat Enterprise Linux 6 is also listed as not affected.

CVSS provenance

nvdv2.06.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
vendor_redhat6.0MEDIUM
vendor_ubuntu5.0MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.