CVE-2010-3678

Mysql - Resource Management Error

Title source: rule
STIX 2.1

Description

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Shane Bester · textdosmultiple
https://www.exploit-db.com/exploits/15467

References (14)

Core 14
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1397-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1017-1
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
Exploit, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=628172
Exploit, Patch x_refsource_confirm
http://bugs.mysql.com/bug.php?id=54477
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/42596
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0164.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0170
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0133
Various Sources x_refsource_confirm
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42936
Exploit, Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/28/10

Scores

EPSS 0.0605
EPSS Percentile 90.8%

Details

CWE
CWE-399
Status published
Products (48)
mysql/mysql 5.1.5
mysql/mysql 5.1.23
mysql/mysql 5.1.31
mysql/mysql 5.1.32
mysql/mysql 5.1.34
mysql/mysql 5.1.37
oracle/mysql 5.1
oracle/mysql 5.1.1
oracle/mysql 5.1.2
oracle/mysql 5.1.3
... and 38 more
Published Jan 11, 2011
Tracked Since Feb 18, 2026