CVE-2002-1373

Description

Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.

Affected products

• oracle / mysql3.22.26 – 3.22.26
• oracle / mysql3.22.27 – 3.22.27
• oracle / mysql3.22.28 – 3.22.28
• oracle / mysql3.22.29 – 3.22.29
• oracle / mysql3.22.30 – 3.22.30
• oracle / mysql3.22.32 – 3.22.32
• oracle / mysql3.23.2 – 3.23.2
• oracle / mysql3.23.3 – 3.23.3
• oracle / mysql3.23.4 – 3.23.4
• oracle / mysql3.23.5 – 3.23.5
• oracle / mysql3.23.8 – 3.23.8
• oracle / mysql3.23.9 – 3.23.9
• oracle / mysql3.23.10 – 3.23.10
• oracle / mysql3.23.23 – 3.23.23
• oracle / mysql3.23.24 – 3.23.24
• oracle / mysql3.23.25 – 3.23.25
• oracle / mysql3.23.26 – 3.23.26
• oracle / mysql3.23.27 – 3.23.27
• oracle / mysql3.23.28 – 3.23.28
• oracle / mysql3.23.29 – 3.23.29
• oracle / mysql3.23.30 – 3.23.30
• oracle / mysql3.23.31 – 3.23.31
• oracle / mysql3.23.34 – 3.23.34
• oracle / mysql3.23.36 – 3.23.36
• oracle / mysql3.23.37 – 3.23.37
• oracle / mysql3.23.38 – 3.23.38
• oracle / mysql3.23.39 – 3.23.39
• oracle / mysql3.23.40 – 3.23.40
• oracle / mysql3.23.41 – 3.23.41
• oracle / mysql3.23.42 – 3.23.42
• oracle / mysql3.23.43 – 3.23.43
• oracle / mysql3.23.44 – 3.23.44
• oracle / mysql3.23.45 – 3.23.45
• oracle / mysql3.23.46 – 3.23.46
• oracle / mysql3.23.47 – 3.23.47
• oracle / mysql3.23.48 – 3.23.48
• oracle / mysql3.23.49 – 3.23.49
• oracle / mysql3.23.50 – 3.23.50
• oracle / mysql3.23.51 – 3.23.51
• oracle / mysql3.23.52 – 3.23.52
• oracle / mysql3.23.53 – 3.23.53
• oracle / mysql3.23.53a – 3.23.53a
• oracle / mysql4.0.0 – 4.0.0
• oracle / mysql4.0.1 – 4.0.1
• oracle / mysql4.0.2 – 4.0.2
• oracle / mysql4.0.3 – 4.0.3
• oracle / mysql4.0.5a – 4.0.5a

References

• MAILING_LISThttp://marc.info/?l=bugtraq&m=103971644013961&w=2
• MISChttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555
• VENDOR_ADVISORYhttp://security.e-matters.de/advisories/042002.html
• VENDOR_ADVISORYhttp://www.debian.org/security/2002/dsa-212
• MISChttp://www.redhat.com/support/errata/RHSA-2002-288.html
• VENDOR_ADVISORYhttp://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087
• MISChttp://www.redhat.com/support/errata/RHSA-2003-166.html
• MISChttp://www.securityfocus.com/bid/6368
• MAILING_LISThttp://marc.info/?l=bugtraq&m=104004857201968&w=2
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/10846
• VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2003_003_mysql.html
• MISChttp://www.redhat.com/support/errata/RHSA-2002-289.html
• MISChttp://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
• VENDOR_ADVISORYhttp://www.securityfocus.com/advisories/5269