CVE-2010-1850 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mysql

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents5 sources

Severity

6.0MEDIUMNVD

EPSS

63.3%

top 1.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mysql Oracle Mysql

Timeline

PublishedJun 8

Latest updateMay 13

Description

Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages2 packages

▶NVDmysql/mysql23 versions+22

▶NVDoracle/mysql62 versions+61

🔴Vulnerability Details

GHSA

GHSA-2gf7-pwpq-8w42: Buffer overflow in MySQL 5↗2022-05-13

▶

📋Vendor Advisories

Ubuntu

MySQL vulnerabilities↗2012-03-12

▶

Ubuntu

MySQL vulnerabilities↗2010-06-09

▶

Red Hat

mysql: COM_FIELD_LIST table name buffer overflow↗2010-05-13

▶

💬Community

Bugzilla

CVE-2010-1850 mysql: COM_FIELD_LIST table name buffer overflow↗2010-05-13

▶

Bugzilla

CVE-2010-1848 mysql: multiple insufficient table name checks↗2010-05-13

▶