CVE-2009-2446

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request.  NOTE: some of these details are obtained from third party information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
mysqlmysql
4.1.0
mysqlmysql
4.1.2
mysqlmysql
4.1.3
mysqlmysql
4.1.8
mysqlmysql
4.1.10
mysqlmysql
4.1.12
mysqlmysql
4.1.13
mysqlmysql
4.1.14
mysqlmysql
4.1.15
mysqlmysql
4.1.23
mysqlmysql
5.0.0
mysqlmysql
5.0.1
mysqlmysql
5.0.2
mysqlmysql
5.0.3
mysqlmysql
5.0.4
mysqlmysql
5.0.5
mysqlmysql
5.0.5.0.21
mysqlmysql
5.0.10
mysqlmysql
5.0.15
mysqlmysql
5.0.16
mysqlmysql
5.0.17
mysqlmysql
5.0.20
mysqlmysql
5.0.22.1.0.1
mysqlmysql
5.0.24
mysqlmysql
5.0.30
mysqlmysql
5.0.36
mysqlmysql
5.0.44
mysqlmysql
5.0.54
mysqlmysql
5.0.56
mysqlmysql
5.0.60
mysqlmysql
5.0.66
mysqlmysql
5.0.82
oraclemysql
4.0.0
oraclemysql
4.0.1
oraclemysql
4.0.2
oraclemysql
4.0.3
oraclemysql
4.0.4
oraclemysql
4.0.5
oraclemysql
4.0.5a:a
oraclemysql
4.0.6
oraclemysql
4.0.7
oraclemysql
4.0.7:gamma
oraclemysql
4.0.8
oraclemysql
4.0.8:gamma
oraclemysql
4.0.9
oraclemysql
4.0.9:gamma
oraclemysql
4.0.10
oraclemysql
4.0.11
oraclemysql
4.0.11:gamma
oraclemysql
4.0.12
oraclemysql
4.0.13
oraclemysql
4.0.14
oraclemysql
4.0.15
oraclemysql
4.0.16
oraclemysql
4.0.17
oraclemysql
4.0.18
oraclemysql
4.0.19
oraclemysql
4.0.20
oraclemysql
4.0.21
oraclemysql
4.0.23
oraclemysql
4.0.24
oraclemysql
4.0.25
oraclemysql
4.0.26
oraclemysql
4.0.27
oraclemysql
4.1.0:alpha
oraclemysql
4.1.1
oraclemysql
4.1.2:alpha
oraclemysql
4.1.3:beta
oraclemysql
4.1.4
oraclemysql
4.1.5
oraclemysql
4.1.6
oraclemysql
4.1.7
oraclemysql
4.1.9
oraclemysql
4.1.11
oraclemysql
4.1.16
oraclemysql
4.1.17
oraclemysql
4.1.18
oraclemysql
4.1.19
oraclemysql
4.1.20
oraclemysql
4.1.21
oraclemysql
4.1.22
oraclemysql
5.0.0:alpha
oraclemysql
5.0.3:beta
oraclemysql
5.0.6
oraclemysql
5.0.7
oraclemysql
5.0.8
oraclemysql
5.0.9
oraclemysql
5.0.11
oraclemysql
5.0.12
oraclemysql
5.0.13
oraclemysql
5.0.14
oraclemysql
5.0.18
oraclemysql
5.0.19
oraclemysql
5.0.21
oraclemysql
5.0.22
oraclemysql
5.0.23
oraclemysql
5.0.25
oraclemysql
5.0.26
oraclemysql
5.0.27
oraclemysql
5.0.30:sp1
oraclemysql
5.0.32
oraclemysql
5.0.33
oraclemysql
5.0.37
oraclemysql
5.0.38
oraclemysql
5.0.41
oraclemysql
5.0.42
oraclemysql
5.0.45
oraclemysql
5.0.50
oraclemysql
5.0.51
oraclemysql
5.0.51a:a
oraclemysql
5.0.52
oraclemysql
5.0.75
oraclemysql
5.0.77
oraclemysql
5.0.81
oraclemysql
5.0.83
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mysql-5.1
natty
not-affected
maverick
not-affected
lucid
dne
karmic
dne
jaunty
dne
hardy
dne
dapper
dne
mysql-dfsg-5.0
natty
dne
maverick
dne
lucid
dne
karmic
ignored
jaunty
Fixed 5.1.30really5.0.75-0ubuntu10.3
released
intrepid
Fixed 5.0.67-0ubuntu6.1
released
hardy
Fixed 5.0.51a-3ubuntu5.5
released
dapper
Fixed 5.0.22-0ubuntu6.06.12
released
mysql-dfsg-5.1
natty
dne
maverick
dne
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
dne
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0058.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://secunia.com/advisories/35767
http://secunia.com/advisories/36566
http://secunia.com/advisories/38517
http://securitytracker.com/id?1022533
http://support.apple.com/kb/HT4077
http://ubuntu.com/usn/usn-897-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:179
http://www.osvdb.org/55734
http://www.redhat.com/support/errata/RHSA-2009-1289.html
http://www.redhat.com/support/errata/RHSA-2010-0110.html
http://www.securityfocus.com/archive/1/504799/100/0/threaded
http://www.securityfocus.com/bid/35609
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2009/1857
https://exchange.xforce.ibmcloud.com/vulnerabilities/51614
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11857
http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0058.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://secunia.com/advisories/35767
http://secunia.com/advisories/36566
http://secunia.com/advisories/38517
http://securitytracker.com/id?1022533
http://support.apple.com/kb/HT4077
http://ubuntu.com/usn/usn-897-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:179
http://www.osvdb.org/55734
http://www.redhat.com/support/errata/RHSA-2009-1289.html
http://www.redhat.com/support/errata/RHSA-2010-0110.html
http://www.securityfocus.com/archive/1/504799/100/0/threaded
http://www.securityfocus.com/bid/35609
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2009/1857
https://exchange.xforce.ibmcloud.com/vulnerabilities/51614
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11857