MySQL 5.0 and 5.1 SELECT Statement DOS Vulnerability

oval:org.mitre.oval:def:8500

mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.

Family: windows
Status: ACCEPTED
Platform(s):
  • Microsoft Windows Vista
  • Microsoft Windows 7
  • Microsoft Windows Server 2003
  • Microsoft Windows 2000
  • Microsoft Windows XP
  • Microsoft Windows Server 2008
Class: vulnerability
Reference(s):
  • CVE-2009-4019
Product(s):
  • MySQL Server 5.1
  • MySQL Server 5.0