CVE-2009-4019
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
5.9 Medium
AI Score
Confidence
Low
0.1 Low
EPSS
Percentile
94.9%
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
Affected configurations
References
bugs.mysql.com/47780
bugs.mysql.com/48291
dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
marc.info/?l=oss-security&m=125881733826437&w=2
marc.info/?l=oss-security&m=125883754215621&w=2
marc.info/?l=oss-security&m=125901161824278&w=2
secunia.com/advisories/37717
secunia.com/advisories/38517
secunia.com/advisories/38573
support.apple.com/kb/HT4077
ubuntu.com/usn/usn-897-1
www.debian.org/security/2010/dsa-1997
www.redhat.com/support/errata/RHSA-2010-0109.html
www.ubuntu.com/usn/USN-1397-1
www.vupen.com/english/advisories/2010/1107
bugzilla.redhat.com/show_bug.cgi?id=540906
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500
www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html
Related
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
5.9 Medium
AI Score
Confidence
Low
0.1 Low
EPSS
Percentile
94.9%