{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-04T00:00:00", "descriptions": [{"lang": "en", "value": "Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called.  NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon.  Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "mysql-instancemanager-dos(27635)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27635"}, {"tags": ["x_refsource_MISC"], "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-12.html"}, {"tags": ["x_refsource_MISC"], "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-23.html"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.mysql.com/bug.php?id=20622"}, {"name": "ADV-2006-2700", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2700"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3486", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED **  Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called.  NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon.  Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "mysql-instancemanager-dos(27635)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27635"}, {"name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-12.html", "refsource": "MISC", "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-12.html"}, {"name": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-23.html", "refsource": "MISC", "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-23.html"}, {"name": "http://bugs.mysql.com/bug.php?id=20622", "refsource": "MISC", "url": "http://bugs.mysql.com/bug.php?id=20622"}, {"name": "ADV-2006-2700", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2700"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:30:34.268Z"}, "title": "CVE Program Container", "references": [{"name": "mysql-instancemanager-dos(27635)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27635"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-12.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-23.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.mysql.com/bug.php?id=20622"}, {"name": "ADV-2006-2700", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2700"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3486", "datePublished": "2006-07-10T21:00:00", "dateReserved": "2006-07-10T00:00:00", "dateUpdated": "2024-08-07T18:30:34.268Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC198CDB-CAC0-41DD-9FCD-42536E7FE11A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B77A2761-2B44-4061-9C29-A54F90A1AD83", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B3AD851-056F-4E57-B85B-4AC5A5A20C0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FD24EA8C-4FCA-4F40-B2EA-7DFA49432483", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "754B78F2-A03C-40BE-812B-F5E57B93D20B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "575039BD-A8B6-4459-B5F0-F220A94650EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "542B23CB-7535-4EF7-B926-466A5161A0D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "45E686C3-4100-465C-9F45-068580B496E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "6E9F09D8-6FAE-4A5B-AE04-248CD52C5FF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "DB618DB2-6B00-4E99-8232-937D2C51986B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "665E063D-355D-4A5A-A05F-36BF582DE36F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "35BED939-3366-4CBF-B6BF-29C0C42E97F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1668BB5B-E7FB-4430-B8D5-89E308F5DD39", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E3F44DA1-1509-4AC7-AB6B-2B2A834A16AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "7A2D6DF6-FE5D-428F-BCEB-E7832C2B4FE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "7777E919-FD4B-452B-88D7-165410C703F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A56ACB60-EC2C-45AF-B923-B3A90A2F7AE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "67C52D66-3BCA-4854-BF09-CB6DF1AC0E48", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "BF54CC8D-B736-461D-B693-686E862EF969", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "5E5EADE4-9E1B-4A1C-B3B5-ACF1287A19E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "053ACE9B-A146-42C0-ADB2-47F6119965D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "30B4F891-2A03-45A8-A49C-7F8B8F7D8407", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "69E62AC4-954E-476C-98BE-C138E328AE7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "6B88385C-F5FB-401F-80D5-5BF11CE3C19D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "73F49A1D-BCA3-4772-8AB3-621CCC997B3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F719DD8E-8379-43C3-97F9-DE350E457F7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "342BB65B-1358-441C-B59A-1756BCC6414A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8589B1E7-0D6D-44B4-A36E-8225C5D15828", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "88FEEE64-899F-4F55-B829-641706E29E32", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "D8597F56-BB14-480C-91CD-CAB96A9DDD8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "7F4C5C88-95A7-4DDA-BC2F-CAFA47B0D67A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "5EB2323C-EFE2-407A-9AE9-8717FA9F8625", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "6341F695-6034-4CC1-9485-ACD3A0E1A079", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "D1DF5F19-ECD9-457F-89C6-6F0271CF4766", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called.  NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon.  Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability"}, {"lang": "es", "value": "** IMPUGNADA ** Desbordamiento de b\u00fafer por superaci\u00f3n del l\u00edmite en la funci\u00f3n Instance_options::complete_initialization de instance_options.cc en el Instance Manager de MySQL antes de 5.0.23 y 5.1 antes de 5.1.12 podr\u00eda permitir a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante vectores sin especificar, lo que dispara el desbordamiento cuando se llama a la funci\u00f3n convert_dirname. NOTA: el fabricante ha impugnado este problema por email a CVE, diciendo que solamente es explotable cuando el usuario tiene acceso al archivo de configuraci\u00f3n o al demonio Instance Manager. Debido a su funcionalidad prevista, este nivel de acceso ya permitir\u00eda al usuario interrumpir la operaci\u00f3n del programa, por lo cual esto no transpasa los l\u00edmites de seguridad y no es una vulnerabilidad."}], "id": "CVE-2006-3486", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-10T21:05:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.mysql.com/bug.php?id=20622"}, {"source": "cve@mitre.org", "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-23.html"}, {"source": "cve@mitre.org", "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-12.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2700"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27635"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.mysql.com/bug.php?id=20622"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-23.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-12.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2700"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27635"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "We do not consider this issue to have security implications, and therefore have no plans to issue MySQL updates for Red Hat Enterprise Linux 2.1, 3, or 4 to correct this issue.", "lastModified": "2006-07-19T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}