[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-4019Date: (C)2009-11-30   (M)2024-02-22


mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.0
Exploit Score: 8.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-37717
SECUNIA-38517
SECUNIA-38573
ADV-2010-1107
APPLE-SA-2010-03-29-1
DSA-1997
FEDORA-2009-12180
RHSA-2010:0109
SUSE-SR:2010:011
USN-1397-1
USN-897-1
http://marc.info/?l=oss-security&m=125881733826437&w=2
http://marc.info/?l=oss-security&m=125883754215621&w=2
http://marc.info/?l=oss-security&m=125901161824278&w=2
http://bugs.mysql.com/47780
http://bugs.mysql.com/48291
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
http://support.apple.com/kb/HT4077
https://bugzilla.redhat.com/show_bug.cgi?id=540906
oval:org.mitre.oval:def:11349
oval:org.mitre.oval:def:8500

CPE    23
cpe:/a:mysql:mysql:5.0.10
cpe:/a:mysql:mysql:5.0.16
cpe:/a:mysql:mysql:5.0.17
cpe:/a:mysql:mysql:5.0.15
...
OVAL    20
oval:org.secpod.oval:def:100995
oval:org.secpod.oval:def:201852
oval:org.secpod.oval:def:100540
oval:org.secpod.oval:def:101597
...

© SecPod Technologies