CVE-2014-0001

NameCVE-2014-0001
DescriptionBuffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-75-1, DSA-2919-1
Debian Bugs737596, 737597

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mysql-5.5 (PTS)jessie, jessie (lts)5.5.62-0+deb8u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mariadb-5.5source(unstable)5.5.35-1low737597
mysql-5.1sourcesqueeze5.1.73-1+deb6u1DLA-75-1
mysql-5.1source(unstable)(unfixed)low
mysql-5.5sourcewheezy5.5.37-0+wheezy1DSA-2919-1
mysql-5.5source(unstable)5.5.37-1low737596
percona-xtradb-cluster-5.5source(unstable)5.5.37-25.10+dfsg-1

Notes

[squeeze] - mysql-5.1 <no-dsa> (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.1.x)
https://bugzilla.redhat.com/show_bug.cgi?id=1054592
http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64

Search for package or bug name: Reporting problems