CVE-2010-1850
MEDIUM severity · CVSS 6 · Memory corruption
6CVSS MEDIUM
Summary
Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
Impact & exploitability
Attack vectorNetwork
Attack complexity—
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)63%
AV:N/AC:M/Au:S/C:P/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://bugs.mysql.com/bug.php?id=53237
- http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
- http://securitytracker.com/id?1024033
- http://support.apple.com/kb/HT4435
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:107