Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-5614: Improper Input Validation in MariaDB

Severity
4.0 MEDIUM (NVD)
EPSS
8.5%
top 7.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Dec 3
Latest update: May 17

Description

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 8.0 | Impact: 2.9

Affected Packages: 5 packages

Also affects: Enterprise Linux 6.4

Patches

🔴 Vulnerability Details

1
GHSA
GHSA-g68p-rgrw-xp3p: Oracle MySQL 5 (2022-05-17)

💥 Exploits & PoCs

1
Exploit-DB
MySQL - Denial of Service (PoC) (2012-12-02)

📋 Vendor Advisories

1
Red Hat
mysql: COM_BINLOG_DUMP crash on invalid data (2012-12-01)

💬 Community

1
Bugzilla
CVE-2012-5614 mysql: COM_BINLOG_DUMP crash on invalid data (2012-12-02)