CVE-2009-2942
mysql-ocaml - missing escape function
EPSS 0.80%
Description
The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
How to fix CVE-2009-2942
To remediate CVE-2009-2942, upgrade the affected package to a fixed version below.
- Debian/mysql-ocaml—upgrade to 1.0.4-7 or later
- Debian/mysql-ocaml—upgrade to 1.0.4-2+etch1 or later
Is CVE-2009-2942 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.0.4-7
- from 0, < 1.0.4-2+etch1