Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2006-3486

EPSS 0.09% · P25
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-3486

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
MySQL ‘nstance_options.cc‘的Instance_options::complete_initialization 函数缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
**有争议** MySQL 5.0.23之前版本及5.1.12 之前的5.1版本中的instance_options.cc的Instance_options::complete_initialization 函数存在Off-by-one(大小差一)缓冲区漏洞。本地用户可以借助可在调用convert_dirname函数时触发溢出的未明向量,引起拒绝服务(应用程序崩溃)。注:厂商在发给CVE的电子邮件中对此问题提出反驳,表示只有在用户已经访问配置文件或Instance Manager daemon程序时才能利
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2006-3486

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2006-3486

登录查看更多情报信息。

Same Patch Batch · n/a · 2006-07-10 · 27 CVEs total

CVE-2006-3477Stalker Communigate Pro POP服务空收件箱拒绝服务漏洞
CVE-2006-3471Microsoft Internet Explorer Table Frameset拒绝服务漏洞
CVE-2006-3470Dell Openmanage CD X11和SSH daemon安全特权漏洞
CVE-2006-2936Linux Kernel的USB驱动的ftdi_sio模块拒绝服务漏洞
CVE-2006-2917Qbik WinGate IMAP Service目录遍历漏洞
CVE-2006-3485AstroDog Press Some Chess Board.PHP 多个SQL注入漏洞
CVE-2006-3484ATutor多个跨站脚本攻击(XSS) 漏洞
CVE-2006-3483PHPMailList 访问控制的web文档根目敏感信息泄露漏洞
CVE-2006-3482PHPMailList 'MailList.PHP'跨站脚本攻击漏洞
CVE-2006-3481Joomla!多个SQL注入漏洞
CVE-2006-3480Joomla!多个跨站脚本攻击(XSS)漏洞
CVE-2006-3479Nuked-Klan 'block.php'跨站请求伪造(CSRF) 漏洞
CVE-2006-3478MyPHP CMS 'global_header.php'远程文件包含漏洞
CVE-2006-3487VirtuaStore 'database/virtuastore.mdb'数据库信息泄露漏洞
CVE-2006-3476PHPWebGallery 'Comments.PHP'跨站脚本攻击漏洞
CVE-2006-3475Free QBoard qb_path远程文件包含漏洞
CVE-2006-3474Belchior Foundry vCard PRO多个SQL注入漏洞
CVE-2006-3473form_mail Drupal Module 存在跨站请求伪造漏洞
CVE-2006-3472Microsoft Internet Explorer Href Title拒绝服务漏洞
CVE-2006-3494Buddy Zone多个跨站脚本攻击(XSS) 漏洞

Showing top 20 of 27 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2006-3486

No comments yet

Leave a comment