CVE-2009-0819
Published 2009-03-05
Priority P4 · 19 · medium · 4 · CVSS 2.0
AV:N/AC:L/Au:S/C:N/I:N/A:P
EXPLOIT
EPSS: 10.18% (95.1th percentile)
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
Affected
36 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mysql | mysql | <= 5.1.32-bzr | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
CVSS provenance
nvd · v2.0 · 4.0 MEDIUM · AV:N/AC:L/Au:S/C:N/I:N/A:P
vendor_redhat · 4.0 MEDIUM
GHSA
GHSA-hgj9-pq3m-8vp3: sql/item_xmlfunc
ghsa_unreviewed·2022-05-02
CVE-2009-0819 [MEDIUM] GHSA-hgj9-pq3m-8vp3: sql/item_xmlfunc
Red Hat
CVE-2009-0819: sql/item_xmlfunc
vendor_redhat·CVSS 4.0
CVE-2009-0819 [MEDIUM] CVE-2009-0819: sql/item_xmlfunc
Statement: Not vulnerable. This issue did not affect the versions of mysql packages, as shipped with Red Hat Enterprise Linux 3, 4, or 5, and Red Hat Application Stack v2.
No detection rules found.
Talos
Rule release for today - March 31st 2009
blogs_talos·2009-03-31·CVSS 4.0
CVE-2009-0819 [MEDIUM] Rule release for today - March 31st 2009
## Rule release for today - March 31st 2009
A few new rules in this release, here's the highlights:
MySQL Denial of Service (CVE-2009-0819): A programming error in MySQL Server may allow a remote attacker to cause a Denial of Service (DoS) against a vulnerable machine.
Mozilla Firefox XML Buffer Overflow: A programming error in Mozilla Firefox may allow a remote attacker to execute code on a victim machine. The error is exposed when the application attempts to process a specially crafted XML file.
As always, details are available here: http://www.snort.org/vrt/advisories/vrt-rules-2009-03-31.html
http://bugs.mysql.com/bug.php?id=42495
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html
http://secunia.com/advisories/34115
http://www.securityfocus.com/bid/33972
http://www.securitytracker.com/id?1021786
http://www.vupen.com/english/advisories/2009/0594
https://exchange.xforce.ibmcloud.com/vulnerabilities/49050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7544