CVE-2013-1861

MEDIUM
Description

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allow remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.

References

http://lists.askmonty.org/pipermail/commits/2013-March/004371.html

http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html

http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html

http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html

http://seclists.org/oss-sec/2013/q1/671

http://secunia.com/advisories/52639

http://secunia.com/advisories/54300

http://security.gentoo.org/glsa/glsa-201409-04.xml

http://www.debian.org/security/2013/dsa-2818

http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

http://www.osvdb.org/91415

http://www.securityfocus.com/bid/58511

http://www.ubuntu.com/usn/USN-1909-1

https://bugzilla.redhat.com/show_bug.cgi?id=919247

https://exchange.xforce.ibmcloud.com/vulnerabilities/82895

https://mariadb.atlassian.net/browse/MDEV-4252

Details

Source: MITRE

Published: 2013-03-28

Updated: 2019-04-22

Type: CWE-119

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mariadb:mariadb:5.5.20:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.21:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.22:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.23:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.24:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.25:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.27:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.28:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.29:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:mariadb:mariadb:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.4:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.5:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.6:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.7:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.8:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.9:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.10:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.11:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.12:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:mariadb:mariadb:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.4:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.5:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.6:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.7:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.8:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.9:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.10:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.11:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.12:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.13:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.14:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:mariadb:mariadb:5.1.41:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.42:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.44:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.47:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.49:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.50:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.51:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.53:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.55:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.60:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.61:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.62:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.66:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.67:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
80705 | Oracle Solaris Third-Party Patch Update : mysql (multiple_vulnerabilities_in_mysql) | Nessus | Solaris Local Security Checks | medium
77548 | GLSA-201409-04 : MySQL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
72373 | MariaDB 5.5 < 5.5.32 Multiple Vulnerabilities | Nessus | Databases | medium
71474 | Debian DSA-2818-1 : mysql-5.5 - several vulnerabilities | Nessus | Debian Local Security Checks | medium
70328 | SuSE 11.3 Security Update : mysql, mysql-client (SAT Patch Number 8364) | Nessus | SuSE Local Security Checks | medium
69511 | SuSE 11.3 Security Update : MySQL (SAT Patch Number 8217) | Nessus | SuSE Local Security Checks | medium
69073 | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-1909-1) | Nessus | Ubuntu Local Security Checks | medium
801397 | MySQL 5.6.x < 5.6.12 Multiple Vulnerabilities | Log Correlation Engine | Database | medium
6934 | Oracle MySQL 5.6.x < 5.6.12 Multiple Vulnerabilities | Nessus Network Monitor | Database | medium
68939 | MySQL 5.6.x < 5.6.12 Multiple Vulnerabilities | Nessus | Databases | medium
68938 | MySQL 5.5 < 5.5.32 Multiple Vulnerabilities | Nessus | Databases | medium
68937 | MySQL 5.1 < 5.1.70 Multiple Vulnerabilities | Nessus | Databases | medium
67261 | Fedora 19 : community-mysql-5.5.31-7.fc19 (2013-10020) | Nessus | Fedora Local Security Checks | medium
66215 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-1807-1) | Nessus | Ubuntu Local Security Checks | high
65732 | MariaDB 5.5 < 5.5.30 Multiple Vulnerabilities | Nessus | Databases | high