CVE-2010-3835 — Mysql vulnerability

CWE-1898 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

0.9%

top 24.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mysql Oracle Mysql

Timeline

PublishedJan 14

Latest updateMay 13

Description

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmysql/mysql6 versions+5

▶NVDoracle/mysql55 versions+54

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-r74g-jppv-888f: MySQL 5↗2022-05-13

▶

📋Vendor Advisories

Ubuntu

MySQL vulnerabilities↗2012-03-12

▶

Ubuntu

MySQL vulnerabilities↗2010-11-11

▶

Red Hat

MySQL: crash with user variables, assignments, joins... (MySQL Bug #55564)↗2010-07-26

▶

💬Community

Bugzilla

CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 mysql various flaws [fedora-12]↗2010-10-22

▶

Bugzilla

CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3839 CVE-2010-3840 mysql various flaws [fedora-13]↗2010-10-22

▶

Bugzilla

CVE-2010-3835 MySQL: crash with user variables, assignments, joins... (MySQL Bug #55564)↗2010-10-06

▶