Description
Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).
References (13)
Core 13
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-611.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10981
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2004/dsa-562
Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110140517515735&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17047
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/12305/
Broken Link vendor-advisory
x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-597.html
Broken Link third-party-advisory
government-resource
x_refsource_ciac
http://www.ciac.org/ciac/bulletins/p-018.shtml
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml
Vendor Advisory vendor-advisory
x_refsource_trustix
http://www.trustix.org/errata/2004/0054/
Vendor Advisory x_refsource_misc
http://lists.mysql.com/internals/14726
Exploit, Vendor Advisory x_refsource_misc
http://bugs.mysql.com/bug.php?id=4017
Scores
EPSS
0.0980
EPSS Percentile
95.0%
Details
CWE
CWE-119
Status
published
Products (2)
debian/debian_linux
3.0
oracle/mysql
3.20 - 3.23.49
Published
Nov 03, 2004
Tracked Since
Feb 18, 2026