cbcvebase.
CVE-2012-5614
published 2012-12-03

Priority: P424, medium, 4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
EXPLOIT
EPSS: 13.18% (95.9th percentile)

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.

Affected

9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mariadb | mariadb | >= 10.0.0 < 10.0.2 | 10.0.2 |
| mariadb | mariadb | >= 5.5.0 < 5.5.30 | 5.5.30 |
| oracle | mysql | 5.1.0 – 5.1.67 | |
| oracle | mysql | 5.5.0 – 5.5.29 | |
| redhat | enterprise_linux_desktop | | |
| redhat | enterprise_linux_eus | | |
| redhat | enterprise_linux_server | | |
| redhat | enterprise_linux_server_aus | | |
| redhat | enterprise_linux_workstation | | |

CVSS provenance

nvd: v2.0, 4.0 MEDIUM, AV:N/AC:L/Au:S/C:N/I:N/A:P
vendor_redhat: 4.0 MEDIUM