190870 – CVE-2006-1518 Mysql buffer overflow

Bug 190870 - CVE-2006-1518 Mysql buffer overflow

Summary: CVE-2006-1518 Mysql buffer overflow

Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	mysql
Sub Component:
Version:	5
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Tom Lane
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:	impact=important,source=vendorsec,pub...
Keywords:	Security
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-05-05 19:45 UTC by Josh Bressers
Modified:	2013-07-03 03:09 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:
Doc Text:	(edit)
Clone Of:
Environment:	(edit)
Last Closed:	2006-05-18 02:02:47 UTC
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Josh Bressers 2006-05-05 19:45:04 UTC

Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to
5.0.20 might allow remote attackers to execute arbitrary code via crafted
COM_TABLE_DUMP packets with invalid length values.

http://www.wisec.it/vulns.php?page=8

Comment 1 starback 2006-05-08 07:40:04 UTC

Also for 4.1.x up to 4.1.18, so FC 4 is also affected.

Comment 2 Tom Lane 2006-05-18 02:02:47 UTC

5.0.21 is pushed into FC5, and 4.1.19 into FC4.

Note You need to log in before you can comment on or make changes to this bug.