7.6 High
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.972 High
EPSS
Percentile
99.8%
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html
lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html
lists.opensuse.org/opensuse-updates/2013-09/msg00010.html
rhn.redhat.com/errata/RHSA-2012-1551.html
rhn.redhat.com/errata/RHSA-2013-0180.html
seclists.org/fulldisclosure/2012/Dec/4
secunia.com/advisories/51443
secunia.com/advisories/53372
security.gentoo.org/glsa/glsa-201308-06.xml
www.debian.org/security/2012/dsa-2581
www.mandriva.com/security/advisories?name=MDVSA-2013:102
www.mandriva.com/security/advisories?name=MDVSA-2013:150
www.openwall.com/lists/oss-security/2012/12/02/3
www.openwall.com/lists/oss-security/2012/12/02/4
www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
www.ubuntu.com/usn/USN-1658-1
www.ubuntu.com/usn/USN-1703-1
kb.askmonty.org/en/mariadb-5166-release-notes/
kb.askmonty.org/en/mariadb-5213-release-notes/
kb.askmonty.org/en/mariadb-5311-release-notes/
kb.askmonty.org/en/mariadb-5528a-release-notes/
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395
www.exploit-db.com/exploits/23075