Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5614

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2012-5614
Last Modified 20 Feb 2014 11:55:26
Published 03 Dec 2012 07:49:43
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-5614

Summary

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.

Vulnerable Systems

Application

  • Mariadb 5.5.28a

  • Oracle Mysql 5.5.19


References

MISC - https://mariadb.atlassian.net/browse/MDEV-3910

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=882607

MLIST - [oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday

FULLDISC - 20121201 MySQL Denial of Service Zeroday PoC

SECTRACK - 1027829

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

REDHAT - RHSA-2013:0772

MANDRIVA - MDVSA-2013:150

GENTOO - GLSA-201308-06

SECUNIA - 53372


Last Updated: 27 May 2016 11:01:25