1. Home
  2. CVE Database
  3. CVE-2006-3486
LOW · 2.1

CVE-2006-3486

Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users...

Vulnerability Description

Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability

CVSS Score

2.1

LOW

AV:L/AC:L/Au:N/C:N/I:N/A:P
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL

Affected Products

VendorProductVersions
MysqlMysql5.0.0
OracleMysql5.0.6

Related Weaknesses (CWE)

CWE-189

References

FAQ

What is CVE-2006-3486?

CVE-2006-3486 is a vulnerability with a CVSS score of 2.1 (LOW). Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users...

How severe is CVE-2006-3486?

CVE-2006-3486 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-3486?

Check the references section above for vendor advisories and patch information. Affected products include: Mysql Mysql, Oracle Mysql.