CVE-2006-3081

Severity

40%

Complexity

80%

Confidentiality

48%

mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.

mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).

Overview

Type

MySQL

First reported 18 years ago

2006-06-19 18:02:00

Last updated 5 years ago

2019-12-17 17:13:00

Affected Software

MySQL MySQL 4.1.13

4.1.13

MySQL MySQL 4.1.15

4.1.15

MySQL MySQL 5.0.0

5.0.0

MySQL MySQL 5.0.1

5.0.1

MySQL MySQL 5.0.2

5.0.2

MySQL MySQL 5.0.3

5.0.3

MySQL MySQL 5.0.4

5.0.4

MySQL 5.1.5

5.1.5

Oracle MySQL 4.0.18

4.0.18

Oracle MySQL 4.1.4

4.1.4

Oracle MySQL 4.1.5

4.1.5

Oracle MySQL 4.1.7

4.1.7

Oracle MySQL 4.1.16

4.1.16

Oracle MySQL 5.0.18

5.0.18

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373913

http://bugs.mysql.com/bug.php?id=15828

http://docs.info.apple.com/article.html?artnum=305214

APPLE-SA-2007-03-13

20060615 MySQL DoS

19929

Vendor Advisory

20832

Vendor Advisory

20871

Vendor Advisory

24479

DSA-1112

MDKSA-2006:111

RHSA-2007:0083

20060614 MySQL DoS

20060615 Re: MySQL DoS

20060615 Re: MySQL DoS

18439

Exploit

TA06-208A

US Government Resource

TA07-072A

US Government Resource

ADV-2007-0930

mysql-select-dos(27212)

oval:org.mitre.oval:def:9516

USN-306-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.