Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2009-2446
HistoryJul 13, 2009 - 5:30 p.m.

CVE-2009-2446

2009-07-1317:30:00
CWE-134
[email protected]
web.nvd.nist.gov
678
cve-2009-2446
mysql
format string vulnerability
denial of service
authentication
nvd

6.9 Medium

AI Score

Confidence

High

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.068 Low

EPSS

Percentile

93.8%

JSON

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.

Related

altlinux 1
nessus 22
prion 1
openvas 40
veracode 1
ubuntucve 1
checkpoint_advisories 1
securityvulns 1
debian 1
fedora 1
oraclelinux 2
centos 2
redhat 3
seebug 1
ubuntu 2
gentoo 1
threatpost 1
altlinux
altlinux
Security fix for the ALT Linux 5 package MySQL version 5.0.89-alt1
2010-01-25 00:00:00
nessus
nessus
MySQL < 5.0.83 Denial of Service
2012-01-16 00:00:00
Debian DSA-1877-1 : mysql-dfsg-5.0 - denial of service/execution of arbitrary code
2010-02-24 00:00:00
Mandriva Linux Security Advisory : mysql (MDVSA-2009:159)
2009-07-28 00:00:00
prion
prion
Format string
2009-07-13 17:30:00
openvas
openvas
Mandrake Security Advisory MDVSA-2009:159 (mysql)
2009-07-29 00:00:00
Mandrake Security Advisory MDVSA-2009:179 (mysql)
2009-08-17 00:00:00
MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities
2009-07-17 00:00:00
veracode
veracode
Authorization Bypass
2020-04-10 00:37:01
ubuntucve
ubuntucve
CVE-2009-2446
2009-07-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Sun MySQL mysql_log Format String (CVE-2009-2446)
2010-02-03 00:00:00
securityvulns
securityvulns
MySQL format string vulnerabilities
2009-07-27 00:00:00
debian
debian
[SECURITY] [DSA 1877-1] New mysql-dfsg-5.0 packages fix arbitrary code execution
2009-09-02 18:20:43
fedora
fedora
[SECURITY] Fedora 10 Update: mysql-5.0.88-1.fc10
2009-12-11 18:23:58
oraclelinux
oraclelinux
mysql security update
2010-02-16 00:00:00
mysql security and bug fix update
2009-09-08 00:00:00
centos
centos
mysql security update
2010-02-17 16:42:25
mysql security update
2009-09-15 18:28:45
redhat
redhat
(RHSA-2010:0110) Moderate: mysql security update
2010-02-16 00:00:00
(RHSA-2009:1289) Moderate: mysql security and bug fix update
2009-09-02 09:47:12
(RHSA-2009:1461) Important: Red Hat Application Stack v2.4 security and enhancement update
2009-09-23 00:00:00
seebug
seebug
MySQL vulnerabilities
2010-02-13 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2010-02-10 00:00:00
MySQL vulnerabilities
2012-03-12 00:00:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2012-01-05 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44

6.9 Medium

AI Score

Confidence

High

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.068 Low

EPSS

Percentile

93.8%

JSON
Related for CVE-2009-2446
altlinux1nessus22prion1openvas40veracode1ubuntucve1checkpoint_advisories1securityvulns1debian1fedora1oraclelinux2centos2redhat3seebug1ubuntu2gentoo1threatpost1