← back
CVE-2006-1516

CVE-2006-1516

EPSS 33.5%
The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/1742unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bugs.debian.org/365938http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.htmlhttp://docs.info.apple.com/article.html?artnum=305214http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.htmlhttp://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.htmlhttp://secunia.com/advisories/19929http://secunia.com/advisories/20002http://secunia.com/advisories/20073http://secunia.com/advisories/20076http://secunia.com/advisories/20223http://secunia.com/advisories/20241http://secunia.com/advisories/20253