CVE-2009-4019

MySQL 5.0.x < 5.0.88 and 5.1.x < 5.1.41 - Authenticated Denial of Service via SELECT Subquery Error Handling

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-4019. PoCs published by Shane Bester.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service vulnerability in MySQL by leveraging a malformed SQL query involving row comparisons and subqueries, causing the database to crash. It targets versions prior to MySQL 5.0.88 and 5.1.41.

Description

mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Shane Bester · textdoslinux
https://www.exploit-db.com/exploits/33397

This exploit demonstrates a denial-of-service vulnerability in MySQL by leveraging a malformed SQL query involving row comparisons and subqueries, causing the database to crash. It targets versions prior to MySQL 5.0.88 and 5.1.41.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: MySQL < 5.0.88, MySQL < 5.1.41
Auth required
Prerequisites: Access to a MySQL database with sufficient privileges to execute DDL and DML statements
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Shane Bester · textdoslinux
https://www.exploit-db.com/exploits/33398

This exploit demonstrates a denial-of-service vulnerability in MySQL by creating a malformed multipolygon geometry that crashes the server when processed. It targets versions prior to MySQL 5.0.88 and 5.1.41.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: MySQL < 5.0.88, < 5.1.41
Auth required
Prerequisites: Access to a MySQL server with sufficient privileges to create tables and execute queries
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (22)

Core 22
Core References
Various Sources vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-897-1
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-1997
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38573
Various Sources x_refsource_confirm
http://bugs.mysql.com/48291
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1397-1
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=125901161824278&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38517
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0109.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1107
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=540906
Various Sources x_refsource_confirm
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
Various Sources x_refsource_confirm
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4077
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=125881733826437&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37717
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=125883754215621&w=2
Various Sources x_refsource_confirm
http://bugs.mysql.com/47780
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500

Scores

EPSS 0.1626
EPSS Percentile 96.5%

Details

Status published
Products (50)
mysql/mysql 5.0.0
mysql/mysql 5.0.1
mysql/mysql 5.0.2
mysql/mysql 5.0.3
mysql/mysql 5.0.4
mysql/mysql 5.0.5
mysql/mysql 5.0.5.0.21
mysql/mysql 5.0.10
mysql/mysql 5.0.15
mysql/mysql 5.0.16
... and 40 more
Published Nov 30, 2009
Tracked Since Feb 18, 2026