Published: 14/01/2011 Updated: 17/12/2019

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

MySQL 5.1 prior to 5.1.51 and 5.5 prior to 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle mysql 5.1.47
oracle mysql 5.1.23
oracle mysql 5.1.36
oracle mysql 5.1.48
mysql mysql 5.1.37
oracle mysql 5.1.6
oracle mysql 5.1.3
oracle mysql 5.1.14
oracle mysql 5.1.11
oracle mysql 5.1.10
oracle mysql 5.1
mysql mysql 5.1.32
oracle mysql 5.1.19
oracle mysql 5.1.20
oracle mysql 5.1.40
oracle mysql 5.1.31
oracle mysql 5.1.46
mysql mysql 5.1.31
mysql mysql 5.1.34
oracle mysql 5.1.35
mysql mysql 5.1.23
mysql mysql 5.1.5
oracle mysql 5.1.8
oracle mysql 5.1.13
oracle mysql 5.1.16
oracle mysql 5.1.30
oracle mysql 5.1.18
oracle mysql 5.1.27
oracle mysql 5.1.37
oracle mysql 5.1.49
oracle mysql 5.1.50
oracle mysql 5.1.43
oracle mysql 5.1.42
oracle mysql 5.1.38
oracle mysql 5.1.39
oracle mysql 5.1.4
oracle mysql 5.1.9
oracle mysql 5.1.12
oracle mysql 5.1.17
oracle mysql 5.1.1
oracle mysql 5.1.21
oracle mysql 5.1.28
oracle mysql 5.1.29
oracle mysql 5.1.34
oracle mysql 5.1.24
oracle mysql 5.1.33
oracle mysql 5.1.44
oracle mysql 5.1.41
oracle mysql 5.1.7
oracle mysql 5.1.45
oracle mysql 5.1.2
oracle mysql 5.1.15
oracle mysql 5.1.22
oracle mysql 5.1.26
oracle mysql 5.1.25
oracle mysql 5.5.0
oracle mysql 5.5.1
oracle mysql 5.5.2
oracle mysql 5.5.3
oracle mysql 5.5.4
oracle mysql 5.5.5

Several vulnerabilities have been discovered in the MySQL database server The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3677 It was discovered that MySQL allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET col ...

Several security issues were fixed in MySQL ...

It was discovered that MySQL incorrectly handled certain requests with the UPGRADE DATA DIRECTORY NAME command An authenticated user could exploit this to make MySQL crash, causing a denial of service This issue only affected Ubuntu 910 and 1004 LTS (CVE-2010-2008) ...

CWE-189 http://www.securityfocus.com/bid/43676 http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html http://bugs.mysql.com/bug.php?id=55564 https://bugzilla.redhat.com/show_bug.cgi?id=640819 http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 http://secunia.com/advisories/42875 http://www.ubuntu.com/usn/USN-1017-1 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html http://www.debian.org/security/2011/dsa-2143 http://www.vupen.com/english/advisories/2011/0105 http://www.redhat.com/support/errata/RHSA-2010-0825.html http://www.redhat.com/support/errata/RHSA-2011-0164.html http://secunia.com/advisories/42936 http://www.vupen.com/english/advisories/2011/0170 http://www.vupen.com/english/advisories/2011/0345 http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt http://support.apple.com/kb/HT4723 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html https://exchange.xforce.ibmcloud.com/vulnerabilities/64843 http://www.ubuntu.com/usn/USN-1397-1 https://nvd.nist.gov https://www.debian.org/security/./dsa-2143 https://usn.ubuntu.com/1397-1/

CVE-2010-3835

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect