CVE-2006-3469 : Detail

Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Exploit information

Exploit Database EDB-ID : 28234

Publication date : 2006-07-17 22h00 +00:00
Author : Christian Hammers
EDB Verified : Yes

Products Mentioned

Configuraton 0

Mysql>>Mysql >> Version 4.1.8

Mysql>>Mysql >> Version 4.1.12

Mysql>>Mysql >> Version 4.1.13

Mysql>>Mysql >> Version 4.1.14

Mysql>>Mysql >> Version 4.1.15

Mysql>>Mysql >> Version 5.0.5.0.21

Mysql>>Mysql >> Version 5.0.10

Mysql>>Mysql >> Version 5.0.15

Mysql>>Mysql >> Version 5.0.16

Mysql>>Mysql >> Version 5.0.17

Oracle>>Mysql >> Version 4.1.6

Oracle>>Mysql >> Version 4.1.7

Oracle>>Mysql >> Version 4.1.9

Oracle>>Mysql >> Version 4.1.11

Oracle>>Mysql >> Version 4.1.16

Oracle>>Mysql >> Version 4.1.18

Oracle>>Mysql >> Version 4.1.19

Oracle>>Mysql >> Version 4.1.20

Oracle>>Mysql >> Version 5.0.6

Oracle>>Mysql >> Version 5.0.9

Oracle>>Mysql >> Version 5.0.11

Oracle>>Mysql >> Version 5.0.12

Oracle>>Mysql >> Version 5.0.13

Oracle>>Mysql >> Version 5.0.18

Oracle>>Mysql >> Version 5.0.19

References