CVE-2010-3679 — Mysql vulnerability

CWE-3997 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

4.5%

top 10.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mysql Oracle Mysql

Timeline

PublishedJan 11

Latest updateMay 13

Description

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDoracle/mysql47 versions+46

▶NVDmysql/mysql6 versions+5

Patches

Patch: bugs.mysql.com ↗Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-p3mv-xmc9-r2fr: Oracle MySQL 5↗2022-05-13

▶

📋Vendor Advisories

Ubuntu

MySQL vulnerabilities↗2012-03-12

▶

Ubuntu

MySQL vulnerabilities↗2010-11-11

▶

Red Hat

MySQL: Use of unassigned memory (valgrind errors / crash) by providing certain values to BINLOG statement (MySQL BZ#54393)↗2010-09-07

▶

💬Community

Bugzilla

CVE-2010-3676 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 mysql various flaws [fedora-all]↗2010-09-23

▶

Bugzilla

CVE-2010-3679 MySQL: Use of unassigned memory (valgrind errors / crash) by providing certain values to BINLOG statement (MySQL BZ#54393)↗2010-08-27

▶