| Vulnerability Name: | CVE-2004-2149 (CCN-17493) | ||||||||
| Assigned: | 2004-09-24 | ||||||||
| Published: | 2004-09-24 | ||||||||
| Updated: | 2019-12-17 | ||||||||
| Summary: | Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allows remote attackers to cause a denial of service via a large number of placeholders. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: MySQL Bug #5194 Bulk Insert Failures with Prepared Statements Source: CONFIRM Type: Exploit, Vendor Advisory http://bugs.mysql.com/bug.php?id=5194 Source: MITRE Type: CNA CVE-2004-2149 Source: CONFIRM Type: UNKNOWN http://dev.mysql.com/doc/mysql/en/news-4-1-5.html Source: CCN Type: MySQL Web site C.2.2 Changes in release 4.1.5 (16 Sep 2004) Source: CCN Type: SECTRACK ID: 1011408 MySQL libmysqlclient Buffer Overflow in Executing Prepared Statements Has Unspecified Impact Source: SECTRACK Type: Patch 1011408 Source: OSVDB Type: UNKNOWN 10244 Source: CCN Type: OSVDB ID: 10244 MySQL libmysqlclient Prepared Statements API Overflow Source: BID Type: Patch 11261 Source: CCN Type: BID-11261 MySQL Bounded Parameter Statement Execution Remote Buffer Overflow Vulnerability Source: XF Type: UNKNOWN mysql-libmysqlclient-insert-bo(17493) Source: XF Type: UNKNOWN mysql-libmysqlclient-insert-bo(17493) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||