Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2014-0001

Published: 31/01/2014 Updated: 17/12/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Mariadb

Vulnerability Summary

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB prior to 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.

Vulnerable Product Search on Vulmon Subscribe to Product

mariadb mariadb

redhat enterprise linux 5

redhat enterprise linux desktop 6.0

redhat enterprise linux 6.0

redhat enterprise linux desktop 5.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

oracle mysql 5.5.7

oracle mysql 5.5.15

oracle mysql 5.5.16

oracle mysql 5.5.23

oracle mysql 5.5.3

oracle mysql 5.5.4

oracle mysql 5.5.11

oracle mysql 5.5.12

oracle mysql 5.5.19

oracle mysql 5.5.20

oracle mysql 5.5.27

oracle mysql 5.5.28

oracle mysql 5.5.35

oracle mysql 5.5.36

oracle mysql 5.5.24

oracle mysql 5.5.31

oracle mysql 5.5.32

oracle mysql 5.5.0

oracle mysql 5.5.1

oracle mysql 5.5.2

oracle mysql 5.5.9

oracle mysql 5.5.10

oracle mysql 5.5.17

oracle mysql 5.5.18

oracle mysql 5.5.25

oracle mysql 5.5.26

oracle mysql 5.5.33

oracle mysql 5.5.34

oracle mysql 5.5.5

oracle mysql 5.5.6

oracle mysql 5.5.13

oracle mysql 5.5.14

oracle mysql 5.5.21

oracle mysql 5.5.22

oracle mysql 5.5.29

oracle mysql 5.5.30

oracle mysql 5.6.5

oracle mysql 5.6.6

oracle mysql 5.6.14

oracle mysql 5.6.15

oracle mysql 5.6.1

oracle mysql 5.6.2

oracle mysql 5.6.9

oracle mysql 5.6.10

oracle mysql 5.6.11

oracle mysql 5.6.3

oracle mysql 5.6.4

oracle mysql 5.6.12

oracle mysql 5.6.13

oracle mysql 5.6.0

oracle mysql 5.6.7

oracle mysql 5.6.8

oracle mysql 5.6.16

Vendor Advisories

Ubuntu Security Notice: mysql-5.5 vulnerabilities
Several security issues were fixed in MySQL ...
Debian CVElist Bug Report Logs: mysql-5.5: CVE-2014-0001: command-line tool buffer overflow via long server version string
Debian Bug report logs - #737596 mysql-55: CVE-2014-0001: command-line tool buffer overflow via long server version string Package: src:mysql-55; Maintainer for src:mysql-55 is Debian MySQL Maintainers <pkg-mysql-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Feb ...
Debian CVElist Bug Report Logs: mysql-5.5: Oracle SPU April 2014
Debian Bug report logs - #744910 mysql-55: Oracle SPU April 2014 Package: mysql-55; Maintainer for mysql-55 is Debian MySQL Maintainers <pkg-mysql-maint@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Wed, 16 Apr 2014 07:12:07 UTC Severity: grave Tags: security Fixed in versions 5 ...
Debian Security Advisories: DSA-2919-1 mysql-5.5 -- security update
Several issues have been discovered in the MySQL database server The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5537 Please see the MySQL 55 Release Notes and Oracle's Critical Patch Update advisory for further details: devmysqlcom/doc/relnotes/mysql/55/en/news-5-5-36html devmysqlcom/doc/r ...
Amazon Linux AMI: ALAS-2014-298
This update fixes several vulnerabilities in the MySQL database server (CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908) A buffer overflow flaw was found in the way the MySQL command line client tool (mysql) processed excessively long version strings If a user connected to a malicious MySQL ...
Red Hat: CVE-2014-0001
Buffer overflow in client/mysqlcc in Oracle MySQL and MariaDB before 5535 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string ...

References

CWE-119http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64https://bugzilla.redhat.com/show_bug.cgi?id=1054592http://osvdb.org/102713http://www.osvdb.org/102714https://mariadb.com/kb/en/mariadb-5535-changelog/http://rhn.redhat.com/errata/RHSA-2014-0189.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0164.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0186.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0173.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2014:029http://www.securityfocus.com/bid/65298http://security.gentoo.org/glsa/glsa-201409-04.xmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90901http://www.securitytracker.com/id/1029708http://secunia.com/advisories/52161https://usn.ubuntu.com/2170-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-0001
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook