CVE-2014-0001

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.

References

http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64

http://osvdb.org/102713

http://rhn.redhat.com/errata/RHSA-2014-0164.html

http://rhn.redhat.com/errata/RHSA-2014-0173.html

http://rhn.redhat.com/errata/RHSA-2014-0186.html

http://rhn.redhat.com/errata/RHSA-2014-0189.html

http://secunia.com/advisories/52161

http://security.gentoo.org/glsa/glsa-201409-04.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2014:029

http://www.osvdb.org/102714

http://www.securityfocus.com/bid/65298

http://www.securitytracker.com/id/1029708

https://bugzilla.redhat.com/show_bug.cgi?id=1054592

https://exchange.xforce.ibmcloud.com/vulnerabilities/90901

https://mariadb.com/kb/en/mariadb-5535-changelog/

Details

Source: MITRE

Published: 2014-01-31

Updated: 2019-12-17

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* versions up to 5.5.34 (inclusive)

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:oracle:mysql:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.13:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.14:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.15:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.16:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.17:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.18:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.20:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.21:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.22:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.23:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.24:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.25:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.25:a:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.26:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.27:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.28:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.29:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.30:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.31:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.32:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.33:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.34:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.35:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.36:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:oracle:mysql:5.6.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.10:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.12:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.13:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.14:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.15:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.16:*:*:*:*:*:*:*

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
125007EulerOS Virtualization 3.0.1.0 : mariadb (EulerOS-SA-2019-1554)NessusHuawei Local Security Checks
high
96790OracleVM 3.3 / 3.4 : mysql (OVMSA-2017-0035)NessusOracleVM Local Security Checks
critical
9283MariaDB Server 10.0.x < 10.0.21 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium
82220Debian DLA-75-1 : mysql-5.1 security updateNessusDebian Local Security Checks
high
77548GLSA-201409-04 : MySQL: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
74373SuSE 11.3 Security Update : MySQL (SAT Patch Number 9303)NessusSuSE Local Security Checks
critical
73855Debian DSA-2919-1 : mysql-5.5 - security updateNessusDebian Local Security Checks
high
73680Ubuntu 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : mysql-5.5 vulnerabilities (USN-2170-1)NessusUbuntu Local Security Checks
high
8212Oracle MySQL 5.5.x <= 5.5.36 / 5.6.x <= 5.6.16 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium
73572MySQL 5.5.x < 5.5.36 Multiple VulnerabilitiesNessusDatabases
high
72946Amazon Linux AMI : mysql51 (ALAS-2014-298)NessusAmazon Linux Local Security Checks
high
72864CentOS 6 : mariadb55-mariadb (CESA-2014:0189)NessusCentOS Local Security Checks
high
72863CentOS 6 : mysql55-mysql (CESA-2014:0173)NessusCentOS Local Security Checks
high
8129MariaDB Server 5.5.x < 5.5.35 Buffer Overflow VulnerabilityNessus Network MonitorDatabase
high
72592CentOS 5 : mysql55-mysql (CESA-2014:0186)NessusCentOS Local Security Checks
high
72590Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : mariadb, mysql (SSA:2014-050-02)NessusSlackware Local Security Checks
high
72569Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64 (20140218)NessusScientific Linux Local Security Checks
high
72568RHEL 5 : mysql55-mysql (RHSA-2014:0186)NessusRed Hat Local Security Checks
high
72566Oracle Linux 5 : mysql55-mysql (ELSA-2014-0186)NessusOracle Linux Local Security Checks
high
72495Mandriva Linux Security Advisory : mariadb (MDVSA-2014:028)NessusMandriva Local Security Checks
high
72491CentOS 6 : mysql (CESA-2014:0164)NessusCentOS Local Security Checks
high
72477Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20140212)NessusScientific Linux Local Security Checks
high
72474RHEL 6 : mysql (RHSA-2014:0164)NessusRed Hat Local Security Checks
high
72471Oracle Linux 6 : mysql (ELSA-2014-0164)NessusOracle Linux Local Security Checks
high
72374MariaDB 5.5 < 5.5.35 Multiple VulnerabilitiesNessusDatabases
high