Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-4019: MySQL vulnerability

8 documents, 6 sources
Severity
4.0 MEDIUM (NVD)
EPSS
7.7%
top 8.08%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Nov 30
Latest update: May 2

Description

mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 8.0 | Impact: 2.9

Affected Packages (2 packages)

NVD: mysql/mysql, 25 versions (+24)
NVD: oracle/mysql, 56 versions (+55)

🔴 Vulnerability Details (1)

GHSA: GHSA-pvv2-gf98-5mv3: mysqld in MySQL 5 (2022-05-02)

💥 Exploits & PoCs (2)

Exploit-DB: MySQL 6.0.9 - SELECT Statement WHERE Clause Sub-query Denial of Service (2009-11-23)
Exploit-DB: MySQL 6.0.9 - 'GeomFromWKB()' Function First Argument Geometry Value Handling Denial of Service (2009-11-23)

📋 Vendor Advisories (3)

Ubuntu: MySQL vulnerabilities (2012-03-12)
Ubuntu: MySQL vulnerabilities (2010-02-10)
Red Hat: mysql: DoS (crash) when comparing GIS items from subquery and when handling subqueires in WHERE and assigning a SELECT result to a @variable (2009-11-04)

💬 Community (1)

Bugzilla: CVE-2009-4019 mysql: DoS (crash) when comparing GIS items from subquery and when handling subqueires in WHERE and assigning a SELECT result to a @variable (2009-11-24)