Vulnerability Description
The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mysql-Ocaml | Mysql-Ocaml | 1.0.4 |
| Mysql | Mysql | All versions |
References
- http://secunia.com/advisories/37047 (Vendor Advisory)
- http://www.debian.org/security/2009/dsa-1910
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:279
- http://www.osvdb.org/59030
FAQ
What is CVE-2009-2942?
CVE-2009-2942 is a vulnerability with a CVSS score of 7.5 (HIGH). The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character enc...
How severe is CVE-2009-2942?
CVE-2009-2942 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-2942?
Check the references section above for vendor advisories and patch information. Affected products include: Mysql-Ocaml Mysql-Ocaml, Mysql Mysql.