CVE-2003-0073

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.

Vulnerabilidad de doble liberación de memoria (double-free) en mysqld de MySQL anteriores a 3.23.55 permite a atacantes remotos causar una denegación de servicio (caída) mediante mysql_change_user.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2003-02-04 CVE Reserved
2003-02-19 CVE Published
2024-08-08 CVE Updated
2024-09-16 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (14)

URL	Tag	Source
http://marc.info/?l=bugtraq&m=104385719107879&w=2	Mailing List
http://www.iss.net/security_center/static/11199.php	Vdb Entry
http://www.securityfocus.com/bid/6718	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A436	Signature

URL	Date	SRC

URL	Date	SRC
http://www.debian.org/security/2003/dsa-303	2019-10-07

URL	Date	SRC
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743	2019-10-07
http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html	2019-10-07
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013	2019-10-07
http://www.mysql.com/doc/en/News-3.23.55.html	2019-10-07
http://www.redhat.com/support/errata/RHSA-2003-093.html	2019-10-07
http://www.redhat.com/support/errata/RHSA-2003-094.html	2019-10-07
http://www.redhat.com/support/errata/RHSA-2003-166.html	2019-10-07
https://access.redhat.com/security/cve/CVE-2003-0073	2003-05-15
https://bugzilla.redhat.com/show_bug.cgi?id=1616954	2003-05-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				3.23.31 Search vendor "Oracle" for product "Mysql" and version "3.23.31"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				3.23.36 Search vendor "Oracle" for product "Mysql" and version "3.23.36"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				3.23.41 Search vendor "Oracle" for product "Mysql" and version "3.23.41"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				3.23.47 Search vendor "Oracle" for product "Mysql" and version "3.23.47"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				3.23.52 Search vendor "Oracle" for product "Mysql" and version "3.23.52"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				3.23.53 Search vendor "Oracle" for product "Mysql" and version "3.23.53"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				3.23.54 Search vendor "Oracle" for product "Mysql" and version "3.23.54"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				3.23.54a Search vendor "Oracle" for product "Mysql" and version "3.23.54a"		-		Affected