Vulnerability Description
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mariadb | Mariadb | <= 5.5.34 |
| Redhat | Enterprise Linux | 5 |
| Redhat | Enterprise Linux Desktop | 5.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Oracle | Mysql | 5.5.0 |
Related Weaknesses (CWE)
References
- http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64Not Applicable
- http://osvdb.org/102713Broken Link
- http://rhn.redhat.com/errata/RHSA-2014-0164.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-0173.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-0186.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-0189.htmlThird Party Advisory
- http://secunia.com/advisories/52161
- http://security.gentoo.org/glsa/glsa-201409-04.xmlPatchThird Party AdvisoryVDB Entry
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:029Broken Link
- http://www.osvdb.org/102714Broken Link
- http://www.securityfocus.com/bid/65298Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1029708
- https://bugzilla.redhat.com/show_bug.cgi?id=1054592Issue TrackingPatchThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90901
- https://mariadb.com/kb/en/mariadb-5535-changelog/PatchVendor Advisory
FAQ
What is CVE-2014-0001?
CVE-2014-0001 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server v...
How severe is CVE-2014-0001?
CVE-2014-0001 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0001?
Check the references section above for vendor advisories and patch information. Affected products include: Mariadb Mariadb, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.