Lucene search

[email protected]NVD:CVE-2008-3963

HistorySep 11, 2008 - 1:13 a.m.

CVE-2008-3963

2008-09-1101:13:47

CWE-134

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

Low

0.056 Low

EPSS

Percentile

93.3%

JSON

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b’’ (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

Affected configurations

NVD

Node

mysqlmysqlMatch5.0.0

mysqlmysqlMatch5.0.1

mysqlmysqlMatch5.0.2

mysqlmysqlMatch5.0.3

mysqlmysqlMatch5.0.4

mysqlmysqlMatch5.0.5

mysqlmysqlMatch5.0.5.0.21

mysqlmysqlMatch5.0.10

mysqlmysqlMatch5.0.15

mysqlmysqlMatch5.0.16

mysqlmysqlMatch5.0.17

mysqlmysqlMatch5.0.20

mysqlmysqlMatch5.0.22.1.0.1

mysqlmysqlMatch5.0.24

mysqlmysqlMatch5.0.30

mysqlmysqlMatch5.0.36

mysqlmysqlMatch5.0.44

mysqlmysqlMatch5.0.54

mysqlmysqlMatch5.0.56

mysqlmysqlMatch5.0.60

mysqlmysqlMatch5.1.5

mysqlmysqlMatch5.1.23

oraclemysqlMatch5.0.0alpha

oraclemysqlMatch5.0.6

oraclemysqlMatch5.0.23

oraclemysqlMatch5.0.25

oraclemysqlMatch5.0.26

oraclemysqlMatch5.0.30sp1

oraclemysqlMatch5.0.32

oraclemysqlMatch5.0.33

oraclemysqlMatch5.0.38

oraclemysqlMatch5.0.41

oraclemysqlMatch5.0.42

oraclemysqlMatch5.0.45

oraclemysqlMatch5.0.50

oraclemysqlMatch5.0.51

oraclemysqlMatch5.0.52

oraclemysqlMatch5.1

oraclemysqlMatch5.1.1

oraclemysqlMatch5.1.2

oraclemysqlMatch5.1.3

oraclemysqlMatch5.1.4

oraclemysqlMatch5.1.6

oraclemysqlMatch5.1.7

oraclemysqlMatch5.1.8

oraclemysqlMatch5.1.9

oraclemysqlMatch5.1.10

oraclemysqlMatch5.1.11

oraclemysqlMatch5.1.12

oraclemysqlMatch5.1.13

oraclemysqlMatch5.1.14

oraclemysqlMatch5.1.15

oraclemysqlMatch5.1.16

oraclemysqlMatch5.1.17

oraclemysqlMatch5.1.18

oraclemysqlMatch5.1.19

oraclemysqlMatch5.1.20

oraclemysqlMatch5.1.21

oraclemysqlMatch5.1.22

oraclemysqlMatch6.0.0

oraclemysqlMatch6.0.1

oraclemysqlMatch6.0.2

oraclemysqlMatch6.0.3

oraclemysqlMatch6.0.4

References

bugs.mysql.com/bug.php?id=35658

dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html

dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html

dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html

lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

secunia.com/advisories/31769

secunia.com/advisories/32759

secunia.com/advisories/32769

secunia.com/advisories/34907

secunia.com/advisories/36566

www.debian.org/security/2009/dsa-1783

www.mandriva.com/security/advisories?name=MDVSA-2009:094

www.openwall.com/lists/oss-security/2008/09/09/4

www.openwall.com/lists/oss-security/2008/09/09/7

www.redhat.com/support/errata/RHSA-2009-1067.html

www.redhat.com/support/errata/RHSA-2009-1289.html

www.securitytracker.com/id?1020858

www.ubuntu.com/usn/USN-1397-1

www.ubuntu.com/usn/USN-671-1

www.vupen.com/english/advisories/2008/2554

bugs.gentoo.org/237166

exchange.xforce.ibmcloud.com/vulnerabilities/45042

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

Low

0.056 Low

EPSS

Percentile

93.3%

JSON

Related for NVD:CVE-2008-3963

openvas32 ubuntucve1 prion1 nessus19 seebug1 veracode1 cvelist1 freebsd1 cve1 debian2 osv1 oraclelinux1 redhat2 ubuntu2 centos1 gentoo1