CVE-2006-3081

MySQL Server 4/5 - Str_To_Date Remote Denial of Service

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.

mysqld en MySQL v4.1.x antes de v4.1.18, v5.0.x antes de v5.0.19, y v5.1.x antes de v5.1.6 permite causar una denegación de servicio (caída del demonio) a usuarios remotos autorizados a través de un segundo argumento nulo para la función STR_TO_DATE.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-06-14 First Exploit
2006-06-19 CVE Reserved
2006-06-19 CVE Published
2024-08-07 CVE Updated
2025-06-04 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (25)

URL	Tag	Source
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373913	X_refsource_confirm
http://bugs.mysql.com/bug.php?id=15828	X_refsource_confirm
http://docs.info.apple.com/article.html?artnum=305214	X_refsource_confirm
http://seclists.org/lists/fulldisclosure/2006/Jun/0434.html	Mailing List
http://secunia.com/advisories/24479	Third Party Advisory
http://www.securityfocus.com/archive/1/437145	Mailing List
http://www.securityfocus.com/archive/1/437277	Mailing List
http://www.securityfocus.com/archive/1/437571/100/0/threaded	Mailing List
http://www.us-cert.gov/cas/techalerts/TA06-208A.html	Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA07-072A.html	Third Party Advisory
http://www.vupen.com/english/advisories/2007/0930	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/27212	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9516	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/28026	2006-06-14
http://www.securityfocus.com/bid/18439	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html	2019-12-17
http://secunia.com/advisories/19929	2019-12-17
http://secunia.com/advisories/20832	2019-12-17
http://secunia.com/advisories/20871	2019-12-17
http://www.debian.org/security/2006/dsa-1112	2019-12-17
http://www.mandriva.com/security/advisories?name=MDKSA-2006:111	2019-12-17
http://www.redhat.com/support/errata/RHSA-2007-0083.html	2019-12-17
https://usn.ubuntu.com/306-1	2019-12-17
https://access.redhat.com/security/cve/CVE-2006-3081	2007-02-19
https://bugzilla.redhat.com/show_bug.cgi?id=1618132	2007-02-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				4.1.13 Search vendor "Mysql" for product "Mysql" and version "4.1.13"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				4.1.15 Search vendor "Mysql" for product "Mysql" and version "4.1.15"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.0 Search vendor "Mysql" for product "Mysql" and version "5.0.0"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.1 Search vendor "Mysql" for product "Mysql" and version "5.0.1"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.2 Search vendor "Mysql" for product "Mysql" and version "5.0.2"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.3 Search vendor "Mysql" for product "Mysql" and version "5.0.3"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.4 Search vendor "Mysql" for product "Mysql" and version "5.0.4"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.1.5 Search vendor "Mysql" for product "Mysql" and version "5.1.5"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				4.0.18 Search vendor "Oracle" for product "Mysql" and version "4.0.18"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				4.1.4 Search vendor "Oracle" for product "Mysql" and version "4.1.4"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				4.1.5 Search vendor "Oracle" for product "Mysql" and version "4.1.5"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				4.1.7 Search vendor "Oracle" for product "Mysql" and version "4.1.7"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				4.1.16 Search vendor "Oracle" for product "Mysql" and version "4.1.16"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.18 Search vendor "Oracle" for product "Mysql" and version "5.0.18"		-		Affected