CVE-2010-3840 — Mysql vulnerability

8 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

0.7%

top 27.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mysql Oracle Mysql

Timeline

PublishedJan 14

Latest updateMay 13

Description

The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmysql/mysql6 versions+5

▶NVDoracle/mysql49 versions+48

Patches

Patch: bugs.mysql.com ↗Patch: lists.mysql.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-5xj4-76jr-46qh: The Gis_line_string::init_from_wkb function in sql/spatial↗2022-05-13

▶

📋Vendor Advisories

Ubuntu

MySQL vulnerabilities↗2012-03-12

▶

Ubuntu

MySQL vulnerabilities↗2010-11-11

▶

Red Hat

MySQL: crash when loading data into geometry function PolyFromWKB() (MySQL Bug#51875)↗2010-03-09

▶

💬Community

Bugzilla

CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 mysql various flaws [fedora-12]↗2010-10-22

▶

Bugzilla

CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3839 CVE-2010-3840 mysql various flaws [fedora-13]↗2010-10-22

▶

Bugzilla

CVE-2010-3840 MySQL: crash when loading data into geometry function PolyFromWKB() (MySQL Bug#51875)↗2010-10-07

▶