Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1861 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mariadb

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

20.8%

top 4.39%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mariadb Oracle Mysql Canonical Ubuntu Linux +6 more

Timeline

PublishedMar 28

Latest updateMay 14

Description

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages6 packages

▶NVDoracle/mysql5.1.0 — 5.1.69+2

▶NVDmariadb/mariadb5.5.0 — 5.5.32+1

▶NVDopensuse/opensuse11.4, 12.2, 12.3+2

▶NVDsuse/linux_enterprise_server11

▶NVDsuse/linux_enterprise_desktop11

Also affects: Debian Linux 7.0, Ubuntu Linux 10.04, 12.04, 12.10, 13.04, Enterprise Linux 5, 6.0

🔴Vulnerability Details

GHSA

GHSA-5cv5-75c5-879q: MariaDB 5↗2022-05-14

▶

CVEList

CVE-2013-1861: MariaDB 5↗2013-03-28

▶

💥Exploits & PoCs

Exploit-DB

MySQL / MariaDB - Geometry Query Denial of Service↗2013-03-07

▶

📋Vendor Advisories

Ubuntu

MySQL vulnerabilities↗2013-07-25

▶

Red Hat

mysql: geometry query crashes mysqld (CPU July 2013)↗2013-03-05

▶

💬Community

Bugzilla

CVE-2013-1861 mysql: geometry query crashes mysqld [fedora-all]↗2013-03-15

▶

Bugzilla

CVE-2013-1861 mysql: geometry query crashes mysqld (CPU July 2013)↗2013-03-07

▶