CVE-2002-1376

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/12/2002
Last modified:
03/04/2025

Description

libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:oracle:mysql:3.22.26:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.22.27:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.22.28:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.22.29:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.22.30:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.22.32:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.23:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.24:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools