Unrated severityNVD Advisory· Published Jul 21, 2006· Updated Apr 16, 2026

CVE-2006-3469

Description

Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.

Affected products

MySQL/MySQL10 versions
cpe:2.3:a:mysql:mysql:4.1.8:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:mysql:mysql:4.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:4.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:4.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:4.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:4.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
Oracle Corporation/MySQL15 versions
cpe:2.3:a:oracle:mysql:4.1.6:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:oracle:mysql:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2006/dsa-1112nvdPatchVendor Advisory
secunia.com/advisories/21147nvdVendor Advisory
secunia.com/advisories/21366nvdVendor Advisory
secunia.com/advisories/24479nvdVendor Advisory
secunia.com/advisories/31226nvdVendor Advisory
www.vupen.com/english/advisories/2007/0930nvdVendor Advisory
www.us-cert.gov/cas/techalerts/TA07-072A.htmlnvdUS Government Resource
bugs.debian.org/cgi-bin/bugreport.cginvd
bugs.mysql.com/bug.phpnvd
dev.mysql.com/doc/refman/4.1/en/news-4-1-21.htmlnvd
docs.info.apple.com/article.htmlnvd
lists.apple.com/archives/security-announce/2007/Mar/msg00002.htmlnvd
security.gentoo.org/glsa/glsa-200608-09.xmlnvd
www.redhat.com/support/errata/RHSA-2008-0768.htmlnvd
www.securityfocus.com/bid/19032nvd
www.ubuntu.com/usn/usn-321-1nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9827nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.031
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000