CVE-2014-0001

NameCVE-2014-0001
DescriptionBuffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-75-1, DSA-2919-1
NVD severityhigh (attack range: remote)
Debian Bugs737596, 737597

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mysql-5.5 (PTS)wheezy5.5.47-0+deb7u1fixed
wheezy (security)5.5.50-0+deb7u2fixed
jessie5.5.49-0+deb8u1fixed
jessie (security)5.5.50-0+deb8u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mariadb-5.5source(unstable)5.5.35-1low737597
mysql-5.1source(unstable)(unfixed)low
mysql-5.1sourcesqueeze5.1.73-1+deb6u1highDLA-75-1
mysql-5.5source(unstable)5.5.37-1low737596
mysql-5.5sourcewheezy5.5.37-0+wheezy1highDSA-2919-1
percona-xtradb-cluster-5.5source(unstable)5.5.37-25.10+dfsg-1high

Notes

[squeeze] - mysql-5.1 <no-dsa> (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.1.x)
https://bugzilla.redhat.com/show_bug.cgi?id=1054592
http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64

Search for package or bug name: Reporting problems