Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0819 — Reachable Assertion in Mysql

6 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

5.0%

top 10.25%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mysql Oracle Mysql

Timeline

PublishedMar 5

Latest updateMay 2

Description

sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmysql/mysql5.1.32-bzr+4

▶NVDoracle/mysql31 versions+30

Patches

Patch: bugs.mysql.com ↗Patch: bugs.mysql.com ↗

🔴Vulnerability Details

GHSA

GHSA-hgj9-pq3m-8vp3: sql/item_xmlfunc↗2022-05-02

▶

💥Exploits & PoCs

Exploit-DB

MySQL 6.0.9 - XPath Expression Remote Denial of Service↗2009-02-14

▶

📋Vendor Advisories

Red Hat

CVE-2009-0819: sql/item_xmlfunc↗

▶

🕵️Threat Intelligence

Talos

Rule release for today - March 31st 2009↗2009-03-31

▶

Talos

Rule release for today - March 31st 2009↗2009-03-31

▶