CVE-2010-3835

2010-11-0500:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS

0.012

Percentile

85.4%

JSON

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated
users to cause a denial of service (mysqld server crash) by performing a
user-variable assignment in a logical expression that is calculated and
stored in a temporary table for GROUP BY, then causing the expression value
to be used after the table is created, which causes the expression to be
re-evaluated instead of accessing its value from the table.

Bugs

Notes

Author	Note
jdstrand	mysql-cluster-7.0 not supported per server team
mdeslaur	can’t reproduce on dapper, and code is different

OSVersionArchitecturePackageVersionFilename
ubuntu10.10noarchmysql-5.1< 5.1.49-1ubuntu8.1UNKNOWN
ubuntu8.04noarchmysql-dfsg-5.0< 5.0.51a-3ubuntu5.8UNKNOWN
ubuntu9.10noarchmysql-dfsg-5.1< 5.1.37-1ubuntu5.5UNKNOWN
ubuntu10.04noarchmysql-dfsg-5.1< 5.1.41-3ubuntu12.7UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.10	noarch	mysql-5.1	< 5.1.49-1ubuntu8.1	UNKNOWN
ubuntu	8.04	noarch	mysql-dfsg-5.0	< 5.0.51a-3ubuntu5.8	UNKNOWN
ubuntu	9.10	noarch	mysql-dfsg-5.1	< 5.1.37-1ubuntu5.5	UNKNOWN
ubuntu	10.04	noarch	mysql-dfsg-5.1	< 5.1.41-3ubuntu12.7	UNKNOWN