Published: 23/12/2002 Updated: 07/10/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote malicious users to cause a denial of service and possibly execute arbitrary code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle mysql 3.22.32
oracle mysql 3.23.10
oracle mysql 3.23.28
oracle mysql 3.23.29
oracle mysql 3.23.38
oracle mysql 3.23.39
oracle mysql 3.23.46
oracle mysql 3.23.47
oracle mysql 3.23.53
oracle mysql 3.23.53a
oracle mysql 4.0.5a
symantec veritas netbackup advanced reporter 3.4
symantec veritas netbackup global data manager 4.5
symantec veritas netbackup global data manager 4.5_fp1
oracle mysql 3.23.2
oracle mysql 3.23.23
oracle mysql 3.23.3
oracle mysql 3.23.30
oracle mysql 3.23.4
oracle mysql 3.23.40
oracle mysql 3.23.48
oracle mysql 3.23.49
oracle mysql 3.23.8
oracle mysql 3.23.9
symantec veritas netbackup advanced reporter 4.5
symantec veritas netbackup advanced reporter 4.5_fp1
symantec veritas netbackup advanced reporter 4.5_fp2
symantec veritas netbackup global data manager 4.5_fp2
symantec veritas netbackup global data manager 4.5_fp3
oracle mysql 3.22.26
oracle mysql 3.22.27
oracle mysql 3.23.24
oracle mysql 3.23.25
oracle mysql 3.23.31
oracle mysql 3.23.34
oracle mysql 3.23.41
oracle mysql 3.23.42
oracle mysql 3.23.43
oracle mysql 3.23.5
oracle mysql 3.23.50
oracle mysql 4.0.0
oracle mysql 4.0.1
symantec veritas netbackup advanced reporter 4.5_fp3
symantec veritas netbackup advanced reporter 4.5_mp1
symantec veritas netbackup global data manager 4.5_mp1
symantec veritas netbackup global data manager 4.5_mp2
oracle mysql 3.22.28
oracle mysql 3.22.29
oracle mysql 3.22.30
oracle mysql 3.23.26
oracle mysql 3.23.27
oracle mysql 3.23.36
oracle mysql 3.23.37
oracle mysql 3.23.44
oracle mysql 3.23.45
oracle mysql 3.23.51
oracle mysql 3.23.52
oracle mysql 4.0.2
oracle mysql 4.0.3
symantec veritas netbackup advanced reporter 4.5_mp2
symantec veritas netbackup advanced reporter 4.5_mp3
symantec veritas netbackup global data manager 4.5_mp3

While performing an audit of MySQL e-matters found several problems: signed/unsigned problem in COM_TABLE_DUMP Two sizes were taken as signed integers from a request and then cast to unsigned integers without checking for negative numbers Since the resulting numbers where used for a memcpy() operation this could lead to memory corrupti ...

NVD-CWE-Other http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html http://www.securityfocus.com/bid/6370 http://www.securityfocus.com/bid/6374 http://security.e-matters.de/advisories/042002.html http://www.redhat.com/support/errata/RHSA-2002-288.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555 http://www.debian.org/security/2002/dsa-212 http://www.mandriva.com/security/advisories?name=MDKSA-2002:087 http://marc.info/?l=bugtraq&m=104004857201968&w=2 http://marc.info/?l=bugtraq&m=104033188706000&w=2 http://marc.info/?l=bugtraq&m=104005886114500&w=2 http://marc.info/?l=bugtraq&m=103971644013961&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/10850 https://exchange.xforce.ibmcloud.com/vulnerabilities/10849 https://nvd.nist.gov https://www.debian.org/security/./dsa-212

CVE-2002-1376

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect