CVE-2009-4019

Published: Nov 30, 2009Modified: Apr 23, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.

Affected (81)

Products: Mysql: Mysql · Oracle: Mysql

1 product

1 product

Configuration A

81 vulnerable

Vulnerable Software	Affected Versions
Mysql Mysql	Version 5.0.0
Mysql Mysql	Version 5.0.10
Mysql Mysql	Version 5.0.15
Mysql Mysql	Version 5.0.16
Mysql Mysql	Version 5.0.17
Mysql Mysql	Version 5.0.1
Mysql Mysql	Version 5.0.20
Mysql Mysql	Version 5.0.22.1.0.1
Mysql Mysql	Version 5.0.24
Mysql Mysql	Version 5.0.2
Mysql Mysql	Version 5.0.30
Mysql Mysql	Version 5.0.36
Mysql Mysql	Version 5.0.3
Mysql Mysql	Version 5.0.44
Mysql Mysql	Version 5.0.4
Mysql Mysql	Version 5.0.5.0.21
Mysql Mysql	Version 5.0.54
Mysql Mysql	Version 5.0.56
Mysql Mysql	Version 5.0.5
Mysql Mysql	Version 5.0.60
Mysql Mysql	Version 5.0.66
Mysql Mysql	Version 5.0.82
Mysql Mysql	Version 5.1.23
Mysql Mysql	Version 5.1.32
Mysql Mysql	Version 5.1.5
Oracle Mysql	Version 5.0.0 alpha
Oracle Mysql	Version 5.0.11
Oracle Mysql	Version 5.0.12
Oracle Mysql	Version 5.0.13
Oracle Mysql	Version 5.0.14
Oracle Mysql	Version 5.0.18
Oracle Mysql	Version 5.0.19
Oracle Mysql	Version 5.0.21
Oracle Mysql	Version 5.0.22
Oracle Mysql	Version 5.0.23
Oracle Mysql	Version 5.0.25
Oracle Mysql	Version 5.0.26
Oracle Mysql	Version 5.0.27
Oracle Mysql	Version 5.0.30 sp1
Oracle Mysql	Version 5.0.32
Oracle Mysql	Version 5.0.33
Oracle Mysql	Version 5.0.37
Oracle Mysql	Version 5.0.38
Oracle Mysql	Version 5.0.3 beta
Oracle Mysql	Version 5.0.41
Oracle Mysql	Version 5.0.42
Oracle Mysql	Version 5.0.45
Oracle Mysql	Version 5.0.50
Oracle Mysql	Version 5.0.51
Oracle Mysql	Version 5.0.51a
Oracle Mysql	Version 5.0.52
Oracle Mysql	Version 5.0.6
Oracle Mysql	Version 5.0.75
Oracle Mysql	Version 5.0.77
Oracle Mysql	Version 5.0.7
Oracle Mysql	Version 5.0.81
Oracle Mysql	Version 5.0.83
Oracle Mysql	Version 5.0.8
Oracle Mysql	Version 5.1.10
Oracle Mysql	Version 5.1.11
Oracle Mysql	Version 5.1.12
Oracle Mysql	Version 5.1.13
Oracle Mysql	Version 5.1.14
Oracle Mysql	Version 5.1.15
Oracle Mysql	Version 5.1.16
Oracle Mysql	Version 5.1.17
Oracle Mysql	Version 5.1.18
Oracle Mysql	Version 5.1.19
Oracle Mysql	Version 5.1.1
Oracle Mysql	Version 5.1.20
Oracle Mysql	Version 5.1.21
Oracle Mysql	Version 5.1.22
Oracle Mysql	Version 5.1.2
Oracle Mysql	Version 5.1.30
Oracle Mysql	Version 5.1.3
Oracle Mysql	Version 5.1.4
Oracle Mysql	Version 5.1.6
Oracle Mysql	Version 5.1.7
Oracle Mysql	Version 5.1.8
Oracle Mysql	Version 5.1.9
Oracle Mysql	Version 5.1

References (44)

http://bugs.mysql.com/47780

Source: secalert@redhat.com

http://bugs.mysql.com/48291

Source: secalert@redhat.com

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html

Source: secalert@redhat.com

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

Source: secalert@redhat.com

http://marc.info/?l=oss-security&m=125881733826437&w=2

Source: secalert@redhat.com

http://marc.info/?l=oss-security&m=125883754215621&w=2

Source: secalert@redhat.com

http://marc.info/?l=oss-security&m=125901161824278&w=2

Source: secalert@redhat.com

http://secunia.com/advisories/37717

Source: secalert@redhat.com

http://secunia.com/advisories/38517

Source: secalert@redhat.com

http://secunia.com/advisories/38573

Source: secalert@redhat.com

http://support.apple.com/kb/HT4077

Source: secalert@redhat.com

http://ubuntu.com/usn/usn-897-1

Source: secalert@redhat.com

http://www.debian.org/security/2010/dsa-1997

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2010-0109.html

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1397-1

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2010/1107

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=540906

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html

Source: secalert@redhat.com

http://bugs.mysql.com/47780

Source: af854a3a-2127-422b-91ae-364da2661108

http://bugs.mysql.com/48291

Source: af854a3a-2127-422b-91ae-364da2661108

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=125881733826437&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=125883754215621&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=125901161824278&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/37717

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/38517

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/38573

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4077

Source: af854a3a-2127-422b-91ae-364da2661108

http://ubuntu.com/usn/usn-897-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2010/dsa-1997

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2010-0109.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1397-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/1107

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=540906

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.