CVE-2006-1516

MySQL 4.0.x-4.0.26, 4.1.x-4.1.18, 5.0.x-5.0.20 - Unauthenticated Memory Disclosure via Username Buffer Over-Read

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1516. PoCs published by Stefano Di Paola.

AI-analyzed exploit summary This exploit targets a memory leak vulnerability in MySQL by sending a malformed packet to trigger an anonymous login memory leak. It supports both TCP and Unix socket connections.

Description

The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Stefano Di Paola · cremotelinux
https://www.exploit-db.com/exploits/1742

This exploit targets a memory leak vulnerability in MySQL by sending a malformed packet to trigger an anonymous login memory leak. It supports both TCP and Unix socket connections.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: MySQL <= 5.0.20, MySQL <= 4.1.x
No auth needed
Prerequisites: Network access to MySQL server · MySQL server running vulnerable version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (42)

Core 42
Core References
Issue Tracking x_refsource_confirm
http://bugs.debian.org/365938
Vendor Advisory vendor-advisory x_refsource_trustix
http://www.trustix.org/errata/2006/0028
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19929
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20073
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1079
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1633
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/434164/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20424
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200605-13.xml
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/840
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=305214
Various Sources vendor-advisory x_refsource_suse
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006-06-02.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17780
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:084
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20241
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20762
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26236
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-236703-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20333
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016017
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20002
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20223
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20076
Patch x_refsource_misc
http://www.wisec.it/vulns.php?page=7
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1071
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1326/references
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0930
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/432733/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20253
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/283-1/
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20457
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1073
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29847
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20625
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0544.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9918
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24479

Scores

EPSS 0.3350
EPSS Percentile 98.2%

Details

Status published
Products (46)
mysql/mysql 4.1.0
mysql/mysql 4.1.3
mysql/mysql 4.1.8
mysql/mysql 4.1.10
mysql/mysql 4.1.12
mysql/mysql 4.1.13
mysql/mysql 4.1.14
mysql/mysql 4.1.15
mysql/mysql 5.0.1
mysql/mysql 5.0.2
... and 36 more
Published May 05, 2006
Tracked Since Feb 18, 2026