CVE-2010-3678

Oracle MySQL 5.1 < 5.1.49 - Authenticated Denial of Service via IN or CASE Operations with NULL Arguments

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3678. PoCs published by Shane Bester.

AI-analyzed exploit summary: This PoC demonstrates a denial-of-service vulnerability in MySQL by executing specific SQL queries that crash the database. The exploit targets MySQL versions prior to 5.1.49 by leveraging malformed GROUP BY queries with ROLLUP.

Description

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Shane Bester · text · dos · multiple
https://www.exploit-db.com/exploits/15467

Classification: Working PoC (100%)
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: MySQL prior to 5.1.49
Auth required
Prerequisites: Access to a MySQL database with sufficient privileges to execute DDL and DML statements
devstral-2 · analyzed Feb 16, 2026

References (14)

Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1397-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1017-1
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
Exploit, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=628172
Exploit, Patch x_refsource_confirm
http://bugs.mysql.com/bug.php?id=54477
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/42596
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0164.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0170
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0133
Various Sources x_refsource_confirm
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42936
Exploit, Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/28/10

Scores

EPSS 0.1223
EPSS Percentile 95.7%

Details

CWE: CWE-399
Status: published
Products (48)
mysql/mysql 5.1.5
mysql/mysql 5.1.23
mysql/mysql 5.1.31
mysql/mysql 5.1.32
mysql/mysql 5.1.34
mysql/mysql 5.1.37
oracle/mysql 5.1
oracle/mysql 5.1.1
oracle/mysql 5.1.2
oracle/mysql 5.1.3
... and 38 more
Published Jan 11, 2011
Tracked Since Feb 18, 2026