Published date: September 22, 2003

CVE-2003-0780: Buffer Overflow Vulnerability

Description

Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.

Product(s):

  • MySQL MySQL 4.1.0
  • MySQL 4.1.0
  • MySQL MySQL 4.1.0 alpha
  • Oracle MySQL 3.23.10
  • Oracle MySQL 3.23.22
  • Oracle MySQL 3.23.23

Questions to Ask Vendors:

  1. Can you confirm whether your systems are affected by CVE-2003-0780, and if so, what steps are you currently taking to mitigate this vulnerability?
  2. What is your estimated timeline for fully resolving CVE-2003-0780 in your products or services, and how will you communicate updates on this issue to us as your customer?
