CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0836

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0010%
EPSS Percentile25.91th
PublishedNov 3, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).

Affected Platforms (CPE)

πŸ“¦
Oracle

Mysql

>= 3.20 and < 3.23.49
πŸ“¦
Oracle

Mysql

>= 4.0.0 and < 4.0.21
πŸ’»
Debian

Debian Linux

= 3.0

References & Advisories

πŸ”— http://bugs.mysql.com/bug.php?id=4017
πŸ”— http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892
πŸ”— http://lists.mysql.com/internals/14726
πŸ”— http://marc.info/?l=bugtraq&m=110140517515735&w=2
πŸ”— http://secunia.com/advisories/12305/
πŸ”— http://www.ciac.org/ciac/bulletins/p-018.shtml
πŸ”— http://www.debian.org/security/2004/dsa-562
πŸ”— http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml

Related Vulnerabilities

CVE-2004-062710.0

The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-...

CVE-2004-062810.0

Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and...

CVE-2026-4926110.0

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 th...

CVE-2005-068410.0

Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (...