CVE-2007-2583

MySQL <5.0.40, <5.1.18 - DoS

Title source: llm

Description

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Neil Kettle · textdoslinux

https://www.exploit-db.com/exploits/30020

View Code ZIP pw:eip

References (26)

Core 26

Core References

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/1731

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27823

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25196

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25188

Broken Link x_refsource_confirm

https://issues.rpath.com/browse/RPL-1356

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25389

Broken Link vendor-advisory x_refsource_trustix

http://www.trustix.org/errata/2007/0017/

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/34232

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200705-11.xml

Issue Tracking, Vendor Advisory x_refsource_confirm

http://bugs.mysql.com/bug.php?id=27513

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/30020

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25946

Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/23911

Patch, Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2007/dsa-1413

Vendor Advisory x_refsource_confirm

http://lists.mysql.com/commits/23685

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/528-1/

Third Party Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2007:139

Third Party Advisory vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9930

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30351

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27155

Broken Link vdb-entry x_refsource_osvdb

http://www.osvdb.org/34734

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25255

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28838

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0364.html

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/124295/MySQL-5.0.x-Denial-Of-Service.html

Scores

EPSS 0.0306

EPSS Percentile 86.8%

Details

Status published

Products (6)

canonical/ubuntu_linux 6.06

canonical/ubuntu_linux 6.10

canonical/ubuntu_linux 7.04

debian/debian_linux 3.1

debian/debian_linux 4.0

oracle/mysql < 5.0.40

Published May 10, 2007

Tracked Since Feb 18, 2026