CVE-2012-5614

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.

References

http://rhn.redhat.com/errata/RHSA-2013-0772.html

http://seclists.org/fulldisclosure/2012/Dec/7

http://secunia.com/advisories/53372

http://security.gentoo.org/glsa/glsa-201308-06.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.openwall.com/lists/oss-security/2012/12/02/3

http://www.openwall.com/lists/oss-security/2012/12/02/4

http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

http://www.securitytracker.com/id?1027829

https://bugzilla.redhat.com/show_bug.cgi?id=882607

https://mariadb.atlassian.net/browse/MDEV-3910

Details

Source: MITRE

Published: 2012-12-03

Updated: 2014-02-21

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

Tenable Plugins

View all (13 total)

IDNameProductFamilySeverity
69746Amazon Linux AMI : mysql55 (ALAS-2013-187)NessusAmazon Linux Local Security Checks
medium
69745Amazon Linux AMI : mysql51 (ALAS-2013-186)NessusAmazon Linux Local Security Checks
medium
69508GLSA-201308-06 : MySQL: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
68817Oracle Linux 6 : mysql (ELSA-2013-0772)NessusOracle Linux Local Security Checks
medium
66257CentOS 6 : mysql (CESA-2013:0772)NessusCentOS Local Security Checks
medium
66229Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20130425)NessusScientific Linux Local Security Checks
medium
66225RHEL 6 : mysql (RHSA-2013:0772)NessusRed Hat Local Security Checks
medium
801139MySQL Server 5.5.x < 5.5.31 Multiple VulnerabilitiesLog Correlation EngineDatabase
medium
801127MySQL Server 5.1.x < 5.1.69 Multiple VulnerabilitiesLog Correlation EngineDatabase
medium
6767Oracle MySQL Server 5.5.x < 5.5.31 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium
6765Oracle MySQL Server 5.1.x < 5.1.69 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium
66178MySQL 5.5 < 5.5.31 Multiple VulnerabilitiesNessusDatabases
medium
66177MySQL 5.1 < 5.1.69 Multiple VulnerabilitiesNessusDatabases
medium