CVE-2014-0001
high
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
7.5
Description
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 5 | affected | |
| rhel | 6.0 | affected | |
| rhel | 5.0 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mariadb | mariadb | {"endIncluding":"5.5.34"} | |
| oracle | mysql | 5.5.0 | |
| oracle | mysql | 5.5.1 | |
| oracle | mysql | 5.5.2 | |
| oracle | mysql | 5.5.3 | |
| oracle | mysql | 5.5.4 | |
| oracle | mysql | 5.5.5 | |
| oracle | mysql | 5.5.6 | |
| oracle | mysql | 5.5.7 | |
| oracle | mysql | 5.5.9 | |
| oracle | mysql | 5.5.10 | |
| oracle | mysql | 5.5.11 | |
| oracle | mysql | 5.5.12 | |
| oracle | mysql | 5.5.13 | |
| oracle | mysql | 5.5.14 | |
| oracle | mysql | 5.5.15 | |
| oracle | mysql | 5.5.16 | |
| oracle | mysql | 5.5.17 | |
| oracle | mysql | 5.5.18 | |
| oracle | mysql | 5.5.19 | |
| oracle | mysql | 5.5.20 | |
| oracle | mysql | 5.5.21 | |
| oracle | mysql | 5.5.22 | |
| oracle | mysql | 5.5.23 | |
| oracle | mysql | 5.5.24 | |
| oracle | mysql | 5.5.25 | |
| oracle | mysql | 5.5.26 | |
| oracle | mysql | 5.5.27 | |
| oracle | mysql | 5.5.28 | |
| oracle | mysql | 5.5.29 | |
| oracle | mysql | 5.5.30 | |
| oracle | mysql | 5.5.31 | |
| oracle | mysql | 5.5.32 | |
| oracle | mysql | 5.5.33 | |
| oracle | mysql | 5.5.34 | |
| oracle | mysql | 5.5.35 | |
| oracle | mysql | 5.5.36 | |
| oracle | mysql | 5.6.0 | |
| oracle | mysql | 5.6.1 | |
| oracle | mysql | 5.6.2 | |
| oracle | mysql | 5.6.3 | |
| oracle | mysql | 5.6.4 | |
| oracle | mysql | 5.6.5 | |
| oracle | mysql | 5.6.6 | |
| oracle | mysql | 5.6.7 | |
| oracle | mysql | 5.6.8 | |
| oracle | mysql | 5.6.9 | |
| oracle | mysql | 5.6.10 | |
| oracle | mysql | 5.6.11 | |
| oracle | mysql | 5.6.12 | |
| oracle | mysql | 5.6.13 | |
| oracle | mysql | 5.6.14 | |
| oracle | mysql | 5.6.15 | |
| oracle | mysql | 5.6.16 | |
References
- http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
- http://osvdb.org/102713
- http://rhn.redhat.com/errata/RHSA-2014-0164.html
- http://rhn.redhat.com/errata/RHSA-2014-0173.html
- http://rhn.redhat.com/errata/RHSA-2014-0186.html
- http://rhn.redhat.com/errata/RHSA-2014-0189.html
- http://secunia.com/advisories/52161
- http://security.gentoo.org/glsa/glsa-201409-04.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:029
- http://www.osvdb.org/102714
- http://www.securityfocus.com/bid/65298
- http://www.securitytracker.com/id/1029708
- https://bugzilla.redhat.com/show_bug.cgi?id=1054592
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90901
- https://mariadb.com/kb/en/mariadb-5535-changelog/
- http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
- http://osvdb.org/102713
- http://rhn.redhat.com/errata/RHSA-2014-0164.html
- http://rhn.redhat.com/errata/RHSA-2014-0173.html
- http://rhn.redhat.com/errata/RHSA-2014-0186.html
- http://rhn.redhat.com/errata/RHSA-2014-0189.html
- http://secunia.com/advisories/52161
- http://security.gentoo.org/glsa/glsa-201409-04.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:029
- http://www.osvdb.org/102714
CWEs
CWE-119
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.