CVE-2009-4019

high

Description

mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.

References

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349

https://bugzilla.redhat.com/show_bug.cgi?id=540906

http://www.vupen.com/english/advisories/2010/1107

http://www.ubuntu.com/usn/USN-1397-1

http://www.redhat.com/support/errata/RHSA-2010-0109.html

http://www.debian.org/security/2010/dsa-1997

http://ubuntu.com/usn/usn-897-1

http://support.apple.com/kb/HT4077

http://secunia.com/advisories/38573

http://secunia.com/advisories/38517

http://secunia.com/advisories/37717

http://marc.info/?l=oss-security&m=125901161824278&w=2

http://marc.info/?l=oss-security&m=125883754215621&w=2

http://marc.info/?l=oss-security&m=125881733826437&w=2

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html

http://bugs.mysql.com/48291

http://bugs.mysql.com/47780

Details

Source: Mitre, NVD

Published: 2009-11-30

Updated: 2019-12-17

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High