CVE-2010-3676
published 2011-01-11
Priority: P4 · 22 · medium · 4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
EXPLOIT
EPSS: 9.47% (94.8th percentile)
storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.
Affected
53 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mysql | mysql | — | — |
| oracle | mysql | — | — |
CVSS provenance
nvd · v2.0 · 4.0 MEDIUM · AV:N/AC:L/Au:S/C:N/I:N/A:P
vendor_redhat · 4.0 MEDIUM
Red Hat
MySQL: mysqld DoS (assertion failure) after changing InnoDB storage engine configuration parameters (MySQL bug #55039)
vendor_redhat·2010-07-09·CVSS 4.0
Statement: Not vulnerable. This issue did not affect the versions of mysql package
as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6.
Package: mysql (Red Hat Enterprise Linux 4) - Not affected
Package: mysql (Red Hat Enterprise Linux 5) - Not affected
GHSA
GHSA-2f85-2599-xgq8: storage/innobase/dict/dict0crea
ghsa_unreviewed·2022-05-13
No detection rules found.
Bugzilla
CVE-2010-3676 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 mysql various flaws [fedora-all]
bugzilla·2010-09-23·CVSS 4.0
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new
Bugzilla
CVE-2010-3676 MySQL: mysqld DoS (assertion failure) after changing InnoDB storage engine configuration parameters (MySQL bug #55039)
bugzilla·2010-08-30·CVSS 4.0
A denial of service flaw was found in the way MySQL processed
multiple parallel connections changing InnoDB storage engine
configuration parameters (innodb_file_format and innodb_file_per_table)
and simultaneously issuing data definition language (DDL) statements.
A remote, authenticated MySQL user could use this flaw to cause
mysqld daemon abort (assertion failure).
References:
[1] http://secunia.com/advisories/41048/
[2] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
Upstream bug report:
[3] http://bugs.mysql.com/bug.php?id=55039
Discussion:
Public PoC (from [3]):
# MTR test case. It failed for me 18 times of 20 I tried
# Increasing number of
http://bugs.mysql.com/bug.php?id=55039
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
http://www.openwall.com/lists/oss-security/2010/09/28/10
http://www.securityfocus.com/bid/42643
http://www.vupen.com/english/advisories/2011/0133
https://bugzilla.redhat.com/show_bug.cgi?id=628660
https://exchange.xforce.ibmcloud.com/vulnerabilities/64689