Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2009-2446

Опубликовано: 09 июл. 2009
Источник: redhat
CVSS2: 3.5

Описание

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.

Отчет

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2446 The Red Hat Product Security has rated this issue as having low security impact, future MySQL package updates may address this flaw for Red Hat Enterprise Linux 3 and Red Hat Application Stack 2.

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=511020MySQL: Format string vulnerability by manipulation with database instances (crash)

3.5 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2009-2446

ubuntu
почти 16 лет назад

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.

nvd логотип

CVE-2009-2446

nvd
почти 16 лет назад

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.

debian логотип

CVE-2009-2446

debian
почти 16 лет назад

Multiple format string vulnerabilities in the dispatch_command functio ...

github логотип

GHSA-q8wr-mc75-9wjp

github
около 3 лет назад

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.

oracle-oval логотип

ELSA-2009-1289

oracle-oval
почти 16 лет назад

ELSA-2009-1289: mysql security and bug fix update (MODERATE)

3.5 Low

CVSS2