MySQL/MariaDB geometry query crashes mysqld

2013-03-15 / 2013-03-16
Credit: Kurt Seifried
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-119


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

So I was hoping Oracle would assign a CVE for this publicly since it also affects MySQL but it's been a week and we haven't seen anything from them anywhere (public or private).

So for the MySQL/MariaDB geometry issues:

https://mariadb.atlassian.net/browse/MDEV-4252
http://bugs.mysql.com/bug.php?id=68591
http://lists.askmonty.org/pipermail/commits/2013-March/004371.html
https://bugzilla.redhat.com/show_bug.cgi?id=919247

So we've assigned CVE-2013-1861 for this issue. I apologize in advance if Oracle has assigned a CVE for this issue, but they haven't communicated it to anyone, so in future this problem can easily be avoided by simply posting the assigned CVE to OSS-Security and everyone will know.

--
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

References:

https://mariadb.atlassian.net/browse/MDEV-4252
http://bugs.mysql.com/bug.php?id=68591
http://lists.askmonty.org/pipermail/commits/2013-March/004371.html
https://bugzilla.redhat.com/show_bug.cgi?id=919247


Copyright 2024, cxsecurity.com

 
