CVE-2006-3469
MEDIUMEPSS 98th pctlDescription
Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.
CVSS v2 Vector
No CVSS vector data available.
Exploit Intelligence
Very high risk: more likely to be exploited than 98% of all known CVEs.
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694
- http://bugs.mysql.com/bug.php?id=20729
- http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html
- http://docs.info.apple.com/article.html?artnum=305214
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
- http://secunia.com/advisories/21147
- http://secunia.com/advisories/21366
- http://secunia.com/advisories/24479
- http://secunia.com/advisories/31226
- http://security.gentoo.org/glsa/glsa-200608-09.xml
- http://www.debian.org/security/2006/dsa-1112
- http://www.redhat.com/support/errata/RHSA-2008-0768.html
- http://www.securityfocus.com/bid/19032
- http://www.ubuntu.com/usn/usn-321-1
- http://www.us-cert.gov/cas/techalerts/TA07-072A.html
- http://www.vupen.com/english/advisories/2007/0930
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9827
Find and fix vulnerabilities across your fleet
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start freeThis product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-04-16.