CVE-2010-3680
Published 2011-01-11
Priority P4 · 22 · medium · 4 (CVSS 2.0)
AV:N/AC:L/Au:S/C:N/I:N/A:P
EXPLOIT
EPSS: 12.23% (95.7th percentile)
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
Affected
53 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mysql | mysql | — | — |
| oracle | mysql | — | — |
CVSS provenance
nvd · v2.0 · 4.0 MEDIUM · AV:N/AC:L/Au:S/C:N/I:N/A:P
vendor_redhat · 4.0 MEDIUM
vendor_ubuntu · 3.5 LOW
GHSA
GHSA-vxqm-vpmr-r6q9: Oracle MySQL 5
ghsa_unreviewed·2022-05-13
CVE-2010-3680 [MEDIUM] GHSA-vxqm-vpmr-r6q9: Oracle MySQL 5
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2012-03-12
CVE-2007-5925 MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: Several security issues were fixed in MySQL.
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10,
Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to
MySQL 5.0.95.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2010-11-11·CVSS 3.5
CVE-2010-2008 [LOW] MySQL vulnerabilities
Title: MySQL vulnerabilities
It was discovered that MySQL incorrectly handled certain requests with the
UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit
this to make MySQL crash, causing a denial of service. This issue only
affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-2008)
It was discovered that MySQL incorrectly handled joins involving a table
with a unique SET column. An authenticated user could exploit this to make
MySQL crash, causing a denial of service. This issue only affected Ubuntu
6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3677)
It was discovered that MySQL incorrectly handled NULL arguments to IN() or
CASE operations. An authenticated user could exploit this to make MySQL
crash, causing a denial of service. This issue only affected Ubuntu 9.10
Red Hat
MySQL: mysqld DoS (assertion failure) by using temporary InnoDB engine tables with nullable columns (MySQL bug #54044)
vendor_redhat·2010-07-09·CVSS 4.0
CVE-2010-3680 [MEDIUM] MySQL: mysqld DoS (assertion failure) by using temporary InnoDB engine tables with nullable columns (MySQL bug #54044)
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
Statement: This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3 and 4.
Package: mysql (Red Hat Enterprise Linux 4) - Not affected
No detection rules found.
Bugzilla
CVE-2010-3676 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 mysql various flaws [fedora-all]
bugzilla·2010-09-23·CVSS 4.0
CVE-2010-3676 [MEDIUM] CVE-2010-3676 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 mysql various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new
Bugzilla
CVE-2010-3680 MySQL: mysqld DoS (assertion failure) by using temporary InnoDB engine tables with nullable columns (MySQL bug #54044)
bugzilla·2010-08-28·CVSS 4.0
CVE-2010-3680 [MEDIUM] CVE-2010-3680 MySQL: mysqld DoS (assertion failure) by using temporary InnoDB engine tables with nullable columns (MySQL bug #54044)
A denial of service was found in the way MySQL processed creation of
temporary tables, when the InnoDB storage engine was used. A remote
authenticated MySQL user could use this flaw to cause mysqld daemon
abort (assertion failure).
References:
[1] http://secunia.com/advisories/41048/
[2] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
Upstream bug report:
[3] http://bugs.mysql.com/bug.php?id=54044
Note:
This issue only causes a temporary denial of service, as the mysql daemon
shipped with Red Hat Enterprise Linux 5 will be automatically restarted
after the abort.
Discussion:
Public reproducer (from [3]):
SET storage_engine=innodb;
CREATE TEMPOR
References
http://bugs.mysql.com/bug.php?id=54044
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
http://secunia.com/advisories/42875
http://secunia.com/advisories/42936
http://www.debian.org/security/2011/dsa-2143
http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
http://www.mandriva.com/security/advisories?name=MDVSA-2010:222
http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
http://www.openwall.com/lists/oss-security/2010/09/28/10
http://www.redhat.com/support/errata/RHSA-2010-0825.html
http://www.redhat.com/support/errata/RHSA-2011-0164.html
http://www.securityfocus.com/bid/42598
http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt
http://www.ubuntu.com/usn/USN-1017-1
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2011/0105
http://www.vupen.com/english/advisories/2011/0133
http://www.vupen.com/english/advisories/2011/0170
http://www.vupen.com/english/advisories/2011/0345
https://bugzilla.redhat.com/show_bug.cgi?id=628192
https://exchange.xforce.ibmcloud.com/vulnerabilities/64686