Out-of-Bounds Affecting mysql-5.5 package, versions <5.5.37-0ubuntu0.14.04.1
Threat Intelligence
EPSS
95.23% (100th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UBUNTU1404-MYSQL55-353319
- published 31 Jan 2014
- disclosed 31 Jan 2014
Introduced: 31 Jan 2014
CVE-2014-0001 Open this link in a new tabHow to fix?
Upgrade Ubuntu:14.04 mysql-5.5 to version 5.5.37-0ubuntu0.14.04.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream mysql-5.5 package and not the mysql-5.5 package as distributed by Ubuntu.
See How to fix? for Ubuntu:14.04 relevant fixed versions and status.
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-0001
- http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
- https://mariadb.com/kb/en/mariadb-5535-changelog/
- https://security-tracker.debian.org/tracker/CVE-2014-0001
- http://security.gentoo.org/glsa/glsa-201409-04.xml
- http://osvdb.org/102713
- https://bugzilla.redhat.com/show_bug.cgi?id=1054592
- http://rhn.redhat.com/errata/RHSA-2014-0164.html
- http://rhn.redhat.com/errata/RHSA-2014-0173.html
- http://rhn.redhat.com/errata/RHSA-2014-0186.html
- http://rhn.redhat.com/errata/RHSA-2014-0189.html
- http://secunia.com/advisories/52161
- http://www.securityfocus.com/bid/65298
- http://www.securitytracker.com/id/1029708
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90901
- http://www.osvdb.org/102714
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:029
CVSS Scores
version 3.1