5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.055 Low
EPSS
Percentile
93.1%
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not
properly propagate type errors, which allows remote attackers to cause a
denial of service (server crash) via crafted arguments to extreme-value
functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and
a “CREATE TABLE … SELECT.”
Author | Note |
---|---|
jdstrand | mysql-cluster-7.0 not supported per server team |
mdeslaur | can’t reproduce on dapper, and code is different |