Published: 14/01/2011 Updated: 17/12/2019

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 prior to 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mysql mysql 5.1.23
oracle mysql 5.1.42
mysql mysql 5.1.37
oracle mysql 5.1.38
oracle mysql 5.1.3
oracle mysql 5.1.4
oracle mysql 5.1.12
oracle mysql 5.1.17
mysql mysql 5.1.32
oracle mysql 5.1.1
oracle mysql 5.1.20
oracle mysql 5.1.28
oracle mysql 5.1.34
oracle mysql 5.1.24
oracle mysql 5.1.46
mysql mysql 5.1.34
oracle mysql 5.1.35
oracle mysql 5.1.41
oracle mysql 5.1.45
oracle mysql 5.1.8
oracle mysql 5.1.13
oracle mysql 5.1.16
oracle mysql 5.1.30
mysql mysql 5.1.5
oracle mysql 5.1.27
oracle mysql 5.1.37
oracle mysql 5.1.49
oracle mysql 5.1.50
mysql mysql 5.1.31
oracle mysql 5.1.47
oracle mysql 5.1.23
oracle mysql 5.1.36
oracle mysql 5.1.48
oracle mysql 5.1.6
oracle mysql 5.1.14
oracle mysql 5.1.11
oracle mysql 5.1.10
oracle mysql 5.1
oracle mysql 5.1.18
oracle mysql 5.1.19
oracle mysql 5.1.40
oracle mysql 5.1.31
oracle mysql 5.1.43
oracle mysql 5.1.33
oracle mysql 5.1.44
oracle mysql 5.1.39
oracle mysql 5.1.9
oracle mysql 5.1.7
oracle mysql 5.1.2
oracle mysql 5.1.15
oracle mysql 5.1.21
oracle mysql 5.1.22
oracle mysql 5.1.29
oracle mysql 5.1.26
oracle mysql 5.1.25

Several vulnerabilities have been discovered in the MySQL database server The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3677 It was discovered that MySQL allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET col ...

Several security issues were fixed in MySQL ...

It was discovered that MySQL incorrectly handled certain requests with the UPGRADE DATA DIRECTORY NAME command An authenticated user could exploit this to make MySQL crash, causing a denial of service This issue only affected Ubuntu 910 and 1004 LTS (CVE-2010-2008) ...

NVD-CWE-Other http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 https://bugzilla.redhat.com/show_bug.cgi?id=640865 http://secunia.com/advisories/42875 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 http://www.securityfocus.com/bid/43676 http://lists.mysql.com/commits/117094 http://www.ubuntu.com/usn/USN-1017-1 http://www.redhat.com/support/errata/RHSA-2010-0824.html http://bugs.mysql.com/bug.php?id=51875 http://www.debian.org/security/2011/dsa-2143 http://www.vupen.com/english/advisories/2011/0105 http://www.redhat.com/support/errata/RHSA-2010-0825.html http://www.redhat.com/support/errata/RHSA-2011-0164.html http://secunia.com/advisories/42936 http://www.vupen.com/english/advisories/2011/0170 http://www.vupen.com/english/advisories/2011/0345 http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/64838 http://www.ubuntu.com/usn/USN-1397-1 https://nvd.nist.gov https://www.debian.org/security/./dsa-2143 https://usn.ubuntu.com/1397-1/

CVE-2010-3840

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect