CVE-2013-1861

MariaDB 5.1.x-5.5.x - Denial of Service via Crafted Geometry Feature

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1861. PoCs published by Alyssa Milburn.

AI-analyzed exploit summary This exploit leverages a denial-of-service vulnerability in MySQL and MariaDB by executing a malformed SQL query with the 'astext' function. The query crashes the database, denying service to legitimate users.

Description

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Alyssa Milburn · textdoslinux
https://www.exploit-db.com/exploits/38392

This exploit leverages a denial-of-service vulnerability in MySQL and MariaDB by executing a malformed SQL query with the 'astext' function. The query crashes the database, denying service to legitimate users.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: MySQL and MariaDB (versions affected by CVE-2013-1861)
No auth needed
Prerequisites: Access to execute SQL queries on the target database
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (17)

Core 17
Core References
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54300
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2818
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2013/q1/671
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/82895
Broken Link x_refsource_confirm
https://mariadb.atlassian.net/browse/MDEV-4252
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52639
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/58511
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1909-1
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/91415
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=919247
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201409-04.xml
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://lists.askmonty.org/pipermail/commits/2013-March/004371.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html

Scores

EPSS 0.1867
EPSS Percentile 96.9%

Details

CWE
CWE-119
Status published
Products (15)
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
canonical/ubuntu_linux 13.04
debian/debian_linux 7.0
mariadb/mariadb 5.5.0 - 5.5.32
opensuse/opensuse 11.4
opensuse/opensuse 12.2
opensuse/opensuse 12.3
oracle/mysql 5.1.0 - 5.1.69
... and 5 more
Published Mar 28, 2013
Tracked Since Feb 18, 2026