CVE-2006-1516

EPSS 81.81%
Published 05.05.2006 12:46:00
Last modified 03.04.2025 01:03:51
Source security@debian.org
Teams watchlist Login
Open Login

The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.

Affected products Warnungen 0 Metrics 2 CWE 0 References 45

Data is provided by the National Vulnerability Database (NVD)

Mysql ≫ Mysql Version4.1.0

Mysql ≫ Mysql Version4.1.3

Mysql ≫ Mysql Version4.1.8

Mysql ≫ Mysql Version4.1.10

Mysql ≫ Mysql Version4.1.12

Mysql ≫ Mysql Version4.1.13

Mysql ≫ Mysql Version4.1.14

Mysql ≫ Mysql Version4.1.15

Mysql ≫ Mysql Version5.0.1

Mysql ≫ Mysql Version5.0.2

Mysql ≫ Mysql Version5.0.3

Mysql ≫ Mysql Version5.0.4

Mysql ≫ Mysql Version5.0.5

Mysql ≫ Mysql Version5.0.10

Mysql ≫ Mysql Version5.0.15

Mysql ≫ Mysql Version5.0.16

Mysql ≫ Mysql Version5.0.17

Oracle ≫ Mysql Version4.0.0

Oracle ≫ Mysql Version4.0.1

Oracle ≫ Mysql Version4.0.2

Oracle ≫ Mysql Version4.0.3

Oracle ≫ Mysql Version4.0.4

Oracle ≫ Mysql Version4.0.5

Oracle ≫ Mysql Version4.0.5a

Oracle ≫ Mysql Version4.0.6

Oracle ≫ Mysql Version4.0.7

Oracle ≫ Mysql Version4.0.7 Updategamma

Oracle ≫ Mysql Version4.0.8

Oracle ≫ Mysql Version4.0.8 Updategamma

Oracle ≫ Mysql Version4.0.9

Oracle ≫ Mysql Version4.0.9 Updategamma

Oracle ≫ Mysql Version4.0.10

Oracle ≫ Mysql Version4.0.11

Oracle ≫ Mysql Version4.0.11 Updategamma

Oracle ≫ Mysql Version4.0.12

Oracle ≫ Mysql Version4.0.13

Oracle ≫ Mysql Version4.0.14

Oracle ≫ Mysql Version4.0.15

Oracle ≫ Mysql Version4.0.16

Oracle ≫ Mysql Version4.0.17

Oracle ≫ Mysql Version4.0.18

Oracle ≫ Mysql Version4.0.19

Oracle ≫ Mysql Version4.0.20

Oracle ≫ Mysql Version4.0.21

Oracle ≫ Mysql Version4.0.23

Oracle ≫ Mysql Version4.0.24

Oracle ≫ Mysql Version4.0.25

Oracle ≫ Mysql Version4.0.26

Oracle ≫ Mysql Version4.1.0 Updatealpha

Oracle ≫ Mysql Version4.1.2 Updatealpha

Oracle ≫ Mysql Version4.1.3 Updatebeta

Oracle ≫ Mysql Version4.1.4

Oracle ≫ Mysql Version4.1.5

Oracle ≫ Mysql Version4.1.6

Oracle ≫ Mysql Version4.1.7

Oracle ≫ Mysql Version4.1.9

Oracle ≫ Mysql Version4.1.11

Oracle ≫ Mysql Version4.1.16

Oracle ≫ Mysql Version4.1.17

Oracle ≫ Mysql Version4.1.18

Oracle ≫ Mysql Version5.0.0 Updatealpha

Oracle ≫ Mysql Version5.0.3 Updatebeta

Oracle ≫ Mysql Version5.0.6

Oracle ≫ Mysql Version5.0.7

Oracle ≫ Mysql Version5.0.8

Oracle ≫ Mysql Version5.0.9

Oracle ≫ Mysql Version5.0.11

Oracle ≫ Mysql Version5.0.12

Oracle ≫ Mysql Version5.0.13

Oracle ≫ Mysql Version5.0.14

Oracle ≫ Mysql Version5.0.18

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	81.81%	0.992

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://secunia.com/advisories/29847

http://sunsolve.sun.com/search/document.do?assetkey=1-26-236703-1

http://www.vupen.com/english/advisories/2008/1326/references

http://docs.info.apple.com/article.html?artnum=305214

http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

http://secunia.com/advisories/24479

http://www.us-cert.gov/cas/techalerts/TA07-072A.html

US Government Resource

http://www.vupen.com/english/advisories/2007/0930

http://secunia.com/advisories/20241

http://secunia.com/advisories/20253

http://secunia.com/advisories/20333

http://secunia.com/advisories/20625

http://www.debian.org/security/2006/dsa-1071

http://www.debian.org/security/2006/dsa-1073

http://www.debian.org/security/2006/dsa-1079

http://www.redhat.com/support/errata/RHSA-2006-0544.html

http://secunia.com/advisories/20457

http://www.novell.com/linux/security/advisories/2006-06-02.html

http://bugs.debian.org/365938

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html

Patch

http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html

http://secunia.com/advisories/19929

Patch

Vendor Advisory

http://secunia.com/advisories/20002

http://secunia.com/advisories/20073

http://secunia.com/advisories/20076

http://secunia.com/advisories/20223

http://secunia.com/advisories/20424

http://secunia.com/advisories/20762

http://securityreason.com/securityalert/840

http://securitytracker.com/id?1016017

Patch

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.599377

http://www.gentoo.org/security/en/glsa/glsa-200605-13.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2006:084

http://www.securityfocus.com/archive/1/432733/100/0/threaded

http://www.securityfocus.com/archive/1/434164/100/0/threaded

http://www.securityfocus.com/bid/17780

http://www.trustix.org/errata/2006/0028

http://www.vupen.com/english/advisories/2006/1633

http://www.wisec.it/vulns.php?page=7

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/26236

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9918

https://usn.ubuntu.com/283-1/

https://nvd.nist.gov/vuln/detail/CVE-2006-1516

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-1516

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-1516

EUVD