CVE-2010-3834 — Mysql vulnerability

7 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

0.8%

top 26.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mysql Oracle Mysql

Timeline

PublishedJan 14

Latest updateMay 13

Description

Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmysql/mysql31 versions+30

▶NVDoracle/mysql95 versions+94

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-m2w3-ww5p-6g7f: Unspecified vulnerability in MySQL 5↗2022-05-13

▶

📋Vendor Advisories

Ubuntu

MySQL vulnerabilities↗2012-03-12

▶

Ubuntu

MySQL vulnerabilities↗2010-11-11

▶

Red Hat

MySQL: user variable assignments crash server when used within query (MySQL Bug#55568)↗2010-09-28

▶

💬Community

Bugzilla

CVE-2010-3834 MySQL: user variable assignments crash server when used within query (MySQL Bug#55568)↗2010-10-06

▶

Bugzilla

CVE-2009-1189 dbus: invalid fix for CVE-2008-3834↗2009-04-20

▶