CVE-2010-3833 — Mysql vulnerability

CWE-3998 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

7.3%

top 8.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mysql Oracle Mysql

Timeline

PublishedJan 14

Latest updateMay 13

Description

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmysql/mysql31 versions+30

▶NVDoracle/mysql95 versions+94

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-75p5-8637-4fhr: MySQL 5↗2022-05-13

▶

📋Vendor Advisories

Ubuntu

MySQL vulnerabilities↗2012-03-12

▶

Ubuntu

MySQL vulnerabilities↗2010-11-11

▶

Red Hat

MySQL: CREATE TABLE ... SELECT causes crash when KILL_BAD_DATA is returned (MySQL Bug#55826)↗2010-08-08

▶

💬Community

Bugzilla

CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 mysql various flaws [fedora-12]↗2010-10-22

▶

Bugzilla

CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3839 CVE-2010-3840 mysql various flaws [fedora-13]↗2010-10-22

▶

Bugzilla

CVE-2010-3833 MySQL: CREATE TABLE ... SELECT causes crash when KILL_BAD_DATA is returned (MySQL Bug#55826)↗2010-10-06

▶