10
CVE-2004-0836
- EPSS 9.8%
- Veröffentlicht 03.11.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.8% | 0.949 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://www.ciac.org/ciac/bulletins/p-018.shtml
http://www.redhat.com/support/errata/RHSA-2004-597.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892
http://www.debian.org/security/2004/dsa-562
http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml
http://www.redhat.com/support/errata/RHSA-2004-611.html
http://www.trustix.org/errata/2004/0054/
http://bugs.mysql.com/bug.php?id=4017
http://lists.mysql.com/internals/14726
http://marc.info/?l=bugtraq&m=110140517515735&w=2
http://secunia.com/advisories/12305/
http://www.securityfocus.com/bid/10981
https://exchange.xforce.ibmcloud.com/vulnerabilities/17047