CVE-2010-3682
MySQL < 5.1.49 and < 5.0.92 - Authenticated Denial of Service via EXPLAIN with Crafted SELECT UNION ORDER BY
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-3682. PoCs published by Bjorn Munch.
AI-analyzed exploit summary This exploit demonstrates a denial-of-service vulnerability in MySQL versions prior to 5.1.49 by executing specific SQL queries that crash the database. The PoC involves creating tables and executing malformed UNION and ORDER BY queries with subqueries.
Description
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
Exploits (1)
This exploit demonstrates a denial-of-service vulnerability in MySQL versions prior to 5.1.49 by executing specific SQL queries that crash the database. The PoC involves creating tables and executing malformed UNION and ORDER BY queries with subqueries.