CVE-2012-5614

Published: Dec 3, 2012Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.

Affected (9)

Products: Oracle: Mysql · Mariadb: Mariadb · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Workstation

1 product

1 product

5 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Workstation

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Oracle Mysql	From 5.1.0 to 5.1.67
Oracle Mysql	From 5.5.0 to 5.5.29

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Mariadb Mariadb	From 10.0.0 to 10.0.2
Mariadb Mariadb	From 5.5.0 to 5.5.30

Configuration C

5 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 6.4
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server Aus	Version 6.4
Redhat Enterprise Linux Workstation	Version 6.0

References (22)

http://rhn.redhat.com/errata/RHSA-2013-0772.html

Source: secalert@redhat.com

Third Party Advisory

http://seclists.org/fulldisclosure/2012/Dec/7

Source: secalert@redhat.com

ExploitMailing ListThird Party Advisory

http://secunia.com/advisories/53372

Source: secalert@redhat.com

Not Applicable

http://security.gentoo.org/glsa/glsa-201308-06.xml

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Source: secalert@redhat.com

Broken Link

http://www.openwall.com/lists/oss-security/2012/12/02/3

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2012/12/02/4

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

Source: secalert@redhat.com

Vendor Advisory

http://www.securitytracker.com/id?1027829

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=882607

Source: secalert@redhat.com

Issue Tracking

https://mariadb.atlassian.net/browse/MDEV-3910

Source: secalert@redhat.com

Broken LinkPatch

http://rhn.redhat.com/errata/RHSA-2013-0772.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://seclists.org/fulldisclosure/2012/Dec/7

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

http://secunia.com/advisories/53372

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://security.gentoo.org/glsa/glsa-201308-06.xml

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.openwall.com/lists/oss-security/2012/12/02/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2012/12/02/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id?1027829

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=882607

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://mariadb.atlassian.net/browse/MDEV-3910

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkPatch

Timeline

No history available yet.