CVE-2009-2446

MySQL 4.0.0-5.0.83 - Authenticated Denial of Service via Format String in Database Name

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2446. PoCs published by kingcope.

AI-analyzed exploit summary This exploit leverages a format-string vulnerability in MySQL (CVE-2009-2446) by using the `simple_command` function with `COM_CREATE_DB` to trigger arbitrary code execution. The PoC connects to a MySQL server and attempts to exploit the vulnerability via a crafted database name.

Description

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by kingcope · cdoslinux
https://www.exploit-db.com/exploits/33077

This exploit leverages a format-string vulnerability in MySQL (CVE-2009-2446) by using the `simple_command` function with `COM_CREATE_DB` to trigger arbitrary code execution. The PoC connects to a MySQL server and attempts to exploit the vulnerability via a crafted database name.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: MySQL 4.0.0 through 5.0.75
Auth required
Prerequisites: Valid MySQL credentials · Network access to the MySQL server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (18)

Core 18
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1397-1
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504799/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38517
Various Sources vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-897-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1289.html
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1022533
Patch vdb-entry x_refsource_osvdb
http://www.osvdb.org/55734
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11857
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1857
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4077
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51614
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:179
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35609
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0110.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35767
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36566

Scores

EPSS 0.1059
EPSS Percentile 95.2%

Details

CWE
CWE-134
Status published
Products (46)
mysql/mysql 4.1.0
mysql/mysql 4.1.2
mysql/mysql 4.1.3
mysql/mysql 4.1.8
mysql/mysql 4.1.10
mysql/mysql 4.1.12
mysql/mysql 4.1.13
mysql/mysql 4.1.14
mysql/mysql 4.1.15
mysql/mysql 4.1.23
... and 36 more
Published Jul 13, 2009
Tracked Since Feb 18, 2026