CVE-2014-0001

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS Score
Percentile: 95%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| mariadb | mariadb | 𝑥 ≤ 5.5.34 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| oracle | mysql | 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, 5.5.7, 5.5.9, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.15, 5.5.16, 5.5.17, 5.5.18, 5.5.19, 5.5.20, 5.5.21, 5.5.22, 5.5.23, 5.5.24, 5.5.25, 5.5.25:a, 5.5.26, 5.5.27, 5.5.28, 5.5.29, 5.5.30, 5.5.31, 5.5.32, 5.5.33, 5.5.34, 5.5.35, 5.5.36 |
| oracle | mysql | 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.10, 5.6.11, 5.6.12, 5.6.13, 5.6.14, 5.6.15, 5.6.16 |

𝑥 = Vulnerable software versions
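Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| mysql-5.5 | lucid | dne |
| mysql-5.5 | precise | Fixed 5.5.37-0ubuntu0.12.04.1 (released) |
| mysql-5.5 | quantal | Fixed 5.5.37-0ubuntu0.12.10.1 (released) |
| mysql-5.5 | saucy | Fixed 5.5.37-0ubuntu0.13.10.1 (released) |
| mysql-5.5 | trusty | Fixed 5.5.37-0ubuntu0.14.04.1 (released) |
| mysql-5.5 | utopic | Fixed 5.5.37-0ubuntu0.14.04.1 (released) |
| mysql-5.5 | vivid | dne |
| mysql-5.6 | lucid | dne |
| mysql-5.6 | precise | dne |
| mysql-5.6 | trusty | Fixed 5.6.17-0ubuntu0.14.04.1 (released) |
| mysql-5.6 | utopic | not-affected |
| mysql-5.6 | vivid | not-affected |
| mysql-dfsg-5.1 | lucid | ignored |
| mysql-dfsg-5.1 | precise | dne |
| mysql-dfsg-5.1 | quantal | dne |
| mysql-dfsg-5.1 | saucy | dne |
| mysql-dfsg-5.1 | trusty | dne |
| mysql-dfsg-5.1 | utopic | dne |
| mysql-dfsg-5.1 | vivid | dne |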
Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| mysql | RHEL 6 | 0:5.1.73-3.el6_5 | fixed |
| mysql-bench | RHEL 6 | 0:5.1.73-3.el6_5 | fixed |
| mysql-devel | RHEL 6 | 0:5.1.73-3.el6_5 | fixed |
| mysql-embedded | RHEL 6 | 0:5.1.73-3.el6_5 | fixed |
| mysql-embedded-devel | RHEL 6 | 0:5.1.73-3.el6_5 | fixed |
| mysql-libs | RHEL 6 | 0:5.1.73-3.el6_5 | fixed |
| mysql-server | RHEL 6 | 0:5.1.73-3.el6_5 | fixed |
| mysql-test | RHEL 6 | 0:5.1.73-3.el6_5 | fixed |