CVE-2009-4019
5.8 Medium
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.111 Low
EPSS
Percentile
95.1%
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
References
bugs.mysql.com/47780
bugs.mysql.com/48291
dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
marc.info/?l=oss-security&m=125881733826437&w=2
marc.info/?l=oss-security&m=125883754215621&w=2
marc.info/?l=oss-security&m=125901161824278&w=2
secunia.com/advisories/37717
secunia.com/advisories/38517
secunia.com/advisories/38573
support.apple.com/kb/HT4077
ubuntu.com/usn/usn-897-1
www.debian.org/security/2010/dsa-1997
www.redhat.com/support/errata/RHSA-2010-0109.html
www.ubuntu.com/usn/USN-1397-1
www.vupen.com/english/advisories/2010/1107
bugzilla.redhat.com/show_bug.cgi?id=540906
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500
www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html
Related
5.8 Medium
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.111 Low
EPSS
Percentile
95.1%