Unrated severityNVD Advisory· Published Sep 22, 2003· Updated Apr 16, 2026

CVE-2003-0780

Description

Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.

Affected products

MySQL/MySQL
cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*
Oracle Corporation/MySQL66 versions
cpe:2.3:a:oracle:mysql:3.23:*:*:*:*:*:*:*+ 65 more
- cpe:2.3:a:oracle:mysql:3.23:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.22:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.23:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.24:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.25:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.26:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.27:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.28:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.28:gamma:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.29:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.30:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.31:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.32:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.33:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.34:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.36:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.37:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.38:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.39:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.40:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.41:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.42:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.43:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.44:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.45:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.46:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.47:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.48:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.49:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.50:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.51:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.55:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.56:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*
Conectiva/Linux3 versions
cpe:2.3:o:conectiva:linux:7.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:conectiva:linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2003/dsa-381nvdPatchVendor Advisory
www.redhat.com/support/errata/RHSA-2003-281.htmlnvdPatchVendor Advisory
www.securityfocus.com/archive/1/337012nvdExploitPatchVendor Advisory
www.kb.cert.org/vuls/id/516492nvdUS Government Resource
distro.conectiva.com.br/atualizacoes/nvd
lists.grok.org.uk/pipermail/full-disclosure/2003-September/009819.htmlnvd
marc.infonvd
marc.infonvd
secunia.com/advisories/9709nvd
www.mandriva.com/security/advisoriesnvd
www.redhat.com/support/errata/RHSA-2003-282.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.057
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000