Strix
26.1K

CVE-2005-2573

UnknownEPSS 2.81%

Last modified

CVE-2005-2573 is a vulnerability of currently unknown severity. The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.. EPSS estimates a 2.81% chance of exploitation in the next 30 days.

Description

The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.

Metrics

EPSS Probability
2.81%

84.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersionsUpdate
MysqlMysql4.1.0
MysqlMysql4.1.3
MysqlMysql4.1.10
MysqlMysql5.0.1
MysqlMysql5.0.2
MysqlMysql5.0.3
MysqlMysql5.0.4
OracleMysql4.0.0
OracleMysql4.0.1
OracleMysql4.0.2
OracleMysql4.0.3
OracleMysql4.0.4
OracleMysql4.0.5
OracleMysql4.0.5a
OracleMysql4.0.6
OracleMysql4.0.7
OracleMysql4.0.8
OracleMysql4.0.9
OracleMysql4.0.10
OracleMysql4.0.11
OracleMysql4.0.12
OracleMysql4.0.13
OracleMysql4.0.14
OracleMysql4.0.15
OracleMysql4.0.18
OracleMysql4.0.20
OracleMysql4.0.21
OracleMysql4.0.24
OracleMysql4.1.0Alpha
OracleMysql4.1.2Alpha
OracleMysql4.1.3Beta
OracleMysql4.1.4
OracleMysql4.1.5
OracleMysql5.0.0Alpha

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2005-2573?
The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.
How severe is CVE-2005-2573?
Severity scoring for CVE-2005-2573 is pending analysis. The EPSS model estimates a 2.81% probability of exploitation in the next 30 days.
How do I fix CVE-2005-2573?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2005-2573?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST