CVE-2002-1376

Published: 23/12/2002 Updated: 07/10/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote malicious users to cause a denial of service and possibly execute arbitrary code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
symantec veritas netbackup global data manager 4.5 mp2
symantec veritas netbackup global data manager 4.5 fp2
symantec veritas netbackup global data manager 4.5 fp1
symantec veritas netbackup global data manager 4.5 fp3
symantec veritas netbackup advanced reporter 4.5 fp2
symantec veritas netbackup advanced reporter 4.5 fp1
symantec veritas netbackup advanced reporter 4.5 mp1
symantec veritas netbackup advanced reporter 4.5 fp3
symantec veritas netbackup global data manager 4.5 mp1
symantec veritas netbackup advanced reporter 4.5 mp3
symantec veritas netbackup global data manager 4.5 mp3
symantec veritas netbackup advanced reporter 3.4
symantec veritas netbackup advanced reporter 4.5
symantec veritas netbackup global data manager 4.5
symantec veritas netbackup advanced reporter 4.5 mp2
oracle mysql 3.22.26
oracle mysql 3.22.27
oracle mysql 3.22.28
oracle mysql 3.22.29
oracle mysql 3.22.30
oracle mysql 3.22.32
oracle mysql 3.23.2
oracle mysql 3.23.3
oracle mysql 3.23.4
oracle mysql 3.23.5
oracle mysql 3.23.8
oracle mysql 3.23.9
oracle mysql 3.23.10
oracle mysql 3.23.23
oracle mysql 3.23.24
oracle mysql 3.23.25
oracle mysql 3.23.26
oracle mysql 3.23.27
oracle mysql 3.23.28
oracle mysql 3.23.29
oracle mysql 3.23.30
oracle mysql 3.23.31
oracle mysql 3.23.34
oracle mysql 3.23.36
oracle mysql 3.23.37
oracle mysql 3.23.38
oracle mysql 3.23.39
oracle mysql 3.23.40
oracle mysql 3.23.41
oracle mysql 3.23.42
oracle mysql 3.23.43
oracle mysql 3.23.44
oracle mysql 3.23.45
oracle mysql 3.23.46
oracle mysql 3.23.47
oracle mysql 3.23.48
oracle mysql 3.23.49
oracle mysql 3.23.50
oracle mysql 3.23.51
oracle mysql 3.23.52
oracle mysql 3.23.53
oracle mysql 3.23.53a
oracle mysql 4.0.0
oracle mysql 4.0.1
oracle mysql 4.0.2
oracle mysql 4.0.3
oracle mysql 4.0.5a

While performing an audit of MySQL e-matters found several problems: signed/unsigned problem in COM_TABLE_DUMP Two sizes were taken as signed integers from a request and then cast to unsigned integers without checking for negative numbers Since the resulting numbers where used for a memcpy() operation this could lead to memory corrupti ...

NVD-CWE-Other http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html http://www.securityfocus.com/bid/6370 http://www.securityfocus.com/bid/6374 http://security.e-matters.de/advisories/042002.html http://www.redhat.com/support/errata/RHSA-2002-288.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555 http://www.debian.org/security/2002/dsa-212 http://www.mandriva.com/security/advisories?name=MDKSA-2002:087 http://marc.info/?l=bugtraq&m=104004857201968&w=2 http://marc.info/?l=bugtraq&m=104033188706000&w=2 http://marc.info/?l=bugtraq&m=104005886114500&w=2 http://marc.info/?l=bugtraq&m=103971644013961&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/10850 https://exchange.xforce.ibmcloud.com/vulnerabilities/10849 https://nvd.nist.gov https://www.debian.org/security/./dsa-212

CVE-2002-1376

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect