CVE-2014-0001
Published: 31 January 2014
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
Notes
Author | Note |
---|---|
mdeslaur | Looks like this was fixed in 5.5.37 |
Priority
Status
Package | Release | Status |
---|---|---|
mysql-5.5 Launchpad, Ubuntu, Debian | lucid | Does not exist |
 | precise | Released (5.5.37-0ubuntu0.12.04.1) |
 | quantal | Released (5.5.37-0ubuntu0.12.10.1) |
 | saucy | Released (5.5.37-0ubuntu0.13.10.1) |
 | trusty | Released (5.5.37-0ubuntu0.14.04.1) |
 | upstream | Released (5.5.37) |
 | utopic | Released (5.5.37-0ubuntu0.14.04.1) |
 | vivid | Does not exist |
 | | Patches: vendor: http://anonscm.debian.org/gitweb/?p=pkg-mysql/mysql-5.5.git;a=commit;h=0ad3ca2b57feaf65b199c8bfb9a8dcd51a0bdb9f |
mysql-5.6 Launchpad, Ubuntu, Debian | lucid | Does not exist |
 | precise | Does not exist |
 | trusty | Released (5.6.17-0ubuntu0.14.04.1) |
 | upstream | Released (5.6.16) |
 | utopic | Not vulnerable (5.6.17-1~exp1) |
 | vivid | Not vulnerable (5.6.17-1~exp1) |
mysql-dfsg-5.1 Launchpad, Ubuntu, Debian | lucid | Ignored (end of life, was deferred) |
 | precise | Does not exist |
 | quantal | Does not exist |
 | saucy | Does not exist |
 | trusty | Does not exist |
 | upstream | Needs triage |
 | utopic | Does not exist |
 | vivid | Does not exist |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1054592
- http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
- https://mariadb.com/kb/en/mariadb-5535-changelog/
- http://osvdb.org/102713
- https://ubuntu.com/security/notices/USN-2170-1
- https://www.cve.org/CVERecord?id=CVE-2014-0001
- NVD
- Launchpad
- Debian