AI Score: 7.7 High (Confidence: Low)
CVSS2: 6.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS: 0.002 Low (Percentile: 53.4%)
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
bugs.mysql.com/bug.php?id=66550
lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html
www.mandriva.com/security/advisories?name=MDVSA-2013:102
www.mandriva.com/security/advisories?name=MDVSA-2013:150
www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/
www.openwall.com/lists/oss-security/2012/09/11/4
www.securityfocus.com/bid/55498
bugzilla.redhat.com/show_bug.cgi?id=852144
mariadb.atlassian.net/browse/MDEV-382