Description
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Shane Bester · textdoslinux
https://www.exploit-db.com/exploits/33397
exploitdb
WORKING POC
VERIFIED
by Shane Bester · textdoslinux
https://www.exploit-db.com/exploits/33398
References (22)
Core 22
Core References
Various Sources vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-897-1
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2010/dsa-1997
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38573
Various Sources x_refsource_confirm
http://bugs.mysql.com/48291
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1397-1
Mailing List mailing-list
x_refsource_mlist
http://marc.info/?l=oss-security&m=125901161824278&w=2
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38517
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0109.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1107
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=540906
Various Sources x_refsource_confirm
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
Various Sources x_refsource_confirm
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4077
Mailing List mailing-list
x_refsource_mlist
http://marc.info/?l=oss-security&m=125881733826437&w=2
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37717
Mailing List mailing-list
x_refsource_mlist
http://marc.info/?l=oss-security&m=125883754215621&w=2
Various Sources x_refsource_confirm
http://bugs.mysql.com/47780
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500
Scores
EPSS
0.0766
EPSS Percentile
91.9%
Details
Status
published
Products (50)
mysql/mysql
5.0.0
mysql/mysql
5.0.1
mysql/mysql
5.0.2
mysql/mysql
5.0.3
mysql/mysql
5.0.4
mysql/mysql
5.0.5
mysql/mysql
5.0.5.0.21
mysql/mysql
5.0.10
mysql/mysql
5.0.15
mysql/mysql
5.0.16
... and 40 more
Published
Nov 30, 2009
Tracked Since
Feb 18, 2026