CVE-2005-2558

Severity

46%

Complexity

39%

Confidentiality

106%

Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.

Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

MySQL

First reported 19 years ago

2005-08-16 04:00:00

Last updated 5 years ago

2019-12-17 17:12:00

Affected Software

MySQL MySQL 4.1.0

4.1.0

MySQL MySQL 4.1.3

4.1.3

MySQL MySQL 4.1.10

4.1.10

MySQL MySQL 5.0.1

5.0.1

MySQL MySQL 5.0.2

5.0.2

MySQL MySQL 5.0.3

5.0.3

MySQL MySQL 5.0.4

5.0.4

Oracle MySQL 4.0.0

4.0.0

Oracle MySQL 4.0.1

4.0.1

Oracle MySQL 4.0.2

4.0.2

Oracle MySQL 4.0.3

4.0.3

Oracle MySQL 4.0.4

4.0.4

Oracle MySQL 4.0.5

4.0.5

Oracle MySQL 4.0.5a

4.0.5a

Oracle MySQL 4.0.6

4.0.6

Oracle MySQL 4.0.7

4.0.7

Oracle MySQL 4.0.7 Gamma

4.0.7

Oracle MySQL 4.0.8

4.0.8

Oracle MySQL 4.0.8 Gamma

4.0.8

Oracle MySQL 4.0.9

4.0.9

Oracle MySQL 4.0.9 Gamma

4.0.9

Oracle MySQL 4.0.10

4.0.10

Oracle MySQL 4.0.11

4.0.11

Oracle MySQL 4.0.11 Gamma

4.0.11

Oracle MySQL 4.0.12

4.0.12

Oracle MySQL 4.0.13

4.0.13

Oracle MySQL 4.0.14

4.0.14

Oracle MySQL 4.0.15

4.0.15

Oracle MySQL 4.0.18

4.0.18

Oracle MySQL 4.0.20

4.0.20

Oracle MySQL 4.0.21

4.0.21

Oracle MySQL 4.0.24

4.0.24

Oracle MySQL 4.1.0 Alpha

4.1.0

Oracle MySQL 4.1.2 Alpha

4.1.2

Oracle MySQL 4.1.3 Beta

4.1.3

Oracle MySQL 4.1.4

4.1.4

Oracle MySQL 4.1.5

4.1.5

Oracle MySQL 5.0.0 Alpha

5.0.0

References

SCOSA-2006.18

20050808 [AppSecInc Advisory MYSQL05-V0002] Buffer Overflow in MySQL User Defined Functions

Patch, Vendor Advisory

20050808 [AppSecInc Advisory MYSQL05-V0002] Buffer Overflow in MySQL User Defined Functions

17027

20381

29847

236703

http://www.appsecinc.com/resources/alerts/mysql/2005-002.html

Patch, Vendor Advisory

DSA-829

DSA-831

DSA-833

MDKSA-2005:163

SUSE-SR:2005:021

FLSA-2006:167803

14509

Patch

ADV-2008-1326

mysql-user-defined-function-bo(21737)

USN-180-1

USN-180-2

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.