CVE-2007-5925
published 2007-11-10
Priority: P4 · 20 · medium · 4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
EXPLOIT
EPSS: 11.35% (95.4th percentile)
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mysql | mysql | <= 5.1.23_bk | — |
CVSS provenance
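| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| vendor_redhat | | 4.0 | MEDIUM | |
| vendor_ubuntu | | 4.0 | MEDIUM | |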
GHSA
GHSA-7qx6-9mjj-x6hf: The convert_search_mode_to_innobase function in ha_innodb
ghsa_unreviewed·2022-05-01
CVE-2007-5925 [MEDIUM] CWE-20 GHSA-7qx6-9mjj-x6hf: The convert_search_mode_to_innobase function in ha_innodb
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2012-03-12
CVE-2007-5925 MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: Several security issues were fixed in MySQL.
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10,
Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to
MySQL 5.0.95.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2007-12-21·CVSS 4.0
CVE-2007-3781 [MEDIUM] MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: MySQL vulnerabilities
Joe Gallo and Artem Russakovskii discovered that the InnoDB
engine in MySQL did not properly perform input validation. An
authenticated user could use a crafted CONTAINS statement to
cause a denial of service. (CVE-2007-5925)
It was discovered that under certain conditions MySQL could be
made to overwrite system table information. An authenticated
user could use a crafted RENAME statement to escalate privileges.
(CVE-2007-5969)
Philip Stoev discovered that the federated engine of MySQL
did not properly handle responses with a small number of columns.
An authenticated user could use a crafted response to a SHOW
TABLE STATUS query and cause a denial of service. (CVE-2007-6304)
It was discovered that MySQL did not properly e
Red Hat
mysql DoS in the InnoDB Engine
vendor_redhat·2007-11-05·CVSS 4.0
CVE-2007-5925 [MEDIUM] mysql DoS in the InnoDB Engine
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
No detection rules found.
References
http://bugs.gentoo.org/show_bug.cgi?id=198988
http://bugs.mysql.com/bug.php?id=32125
http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/067350.html
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://secunia.com/advisories/27568
http://secunia.com/advisories/27649
http://secunia.com/advisories/27823
http://secunia.com/advisories/28025
http://secunia.com/advisories/28040
http://secunia.com/advisories/28099
http://secunia.com/advisories/28108
http://secunia.com/advisories/28128
http://secunia.com/advisories/28838
http://security.gentoo.org/glsa/glsa-200711-25.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959
http://www.debian.org/security/2007/dsa-1413
http://www.mandriva.com/security/advisories?name=MDKSA-2007:243
http://www.redhat.com/support/errata/RHSA-2007-1155.html
http://www.redhat.com/support/errata/RHSA-2007-1157.html
http://www.securityfocus.com/bid/26353
http://www.securitytracker.com/id?1018978
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2007/3903
https://exchange.xforce.ibmcloud.com/vulnerabilities/38284
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11390
https://usn.ubuntu.com/559-1/
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html