[Japanese]

JVNDB-2006-000758

MyODBC Japanese Conversion Edition denial of service vulnerability

Overview

MyODBC is an ODBC driver that allows ODBC-compliant applications to communicate with a MySQL database. MyODBC Japanese Conversion Edition is a Windows version of the driver with additional Japanese encoding functionality released from SoftAgency.

MyODBC Japanese Conversion Edition contains a vulnerability which allows an attacker to cause a denial of service condition on a vulnerable server by sending a certain string as a response to a MySQL database.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.4 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Complete
Affected Products


SoftAgency Co., Ltd.
  • MyODBC Japanese Transformation Function version 3.51.06, 2.50.29, 2.50.25

Impact

A remote attacker could cause a denial of service condition by sending a certain string in a response to a MySQL database.
Solution

Development and maintenance of MyODBC Japanese Conversion Edition has finished. As MySQL 4.1 and higher automatically converts character encodings, we recommend that users use MySQL 4.1 or higher.
Vendor Information

SoftAgency Co., Ltd.
CWE (What is CWE?)

  1. No Mapping(CWE-DesignError) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2006-6948
References

  1. JVN : JVN#30994815
  2. National Vulnerability Database (NVD) : CVE-2006-6948
Revision History

  • [2008/05/21]
      Web page published