FKIE_CVE-2009-4019

Vulnerability from fkie_nvd - Published: 2009-11-30 17:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
References
secalert@redhat.comhttp://bugs.mysql.com/47780
secalert@redhat.comhttp://bugs.mysql.com/48291
secalert@redhat.comhttp://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
secalert@redhat.comhttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
secalert@redhat.comhttp://marc.info/?l=oss-security&m=125881733826437&w=2
secalert@redhat.comhttp://marc.info/?l=oss-security&m=125883754215621&w=2
secalert@redhat.comhttp://marc.info/?l=oss-security&m=125901161824278&w=2
secalert@redhat.comhttp://secunia.com/advisories/37717
secalert@redhat.comhttp://secunia.com/advisories/38517
secalert@redhat.comhttp://secunia.com/advisories/38573
secalert@redhat.comhttp://support.apple.com/kb/HT4077
secalert@redhat.comhttp://ubuntu.com/usn/usn-897-1
secalert@redhat.comhttp://www.debian.org/security/2010/dsa-1997
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0109.html
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1397-1
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/1107
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=540906
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html
af854a3a-2127-422b-91ae-364da2661108http://bugs.mysql.com/47780
af854a3a-2127-422b-91ae-364da2661108http://bugs.mysql.com/48291
af854a3a-2127-422b-91ae-364da2661108http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
af854a3a-2127-422b-91ae-364da2661108http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=125881733826437&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=125883754215621&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=125901161824278&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37717
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38517
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38573
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4077
af854a3a-2127-422b-91ae-364da2661108http://ubuntu.com/usn/usn-897-1
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-1997
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0109.html
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1397-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1107
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=540906
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html
Impacted products
Vendor Product Version
mysql mysql 5.0.0
mysql mysql 5.0.1
mysql mysql 5.0.2
mysql mysql 5.0.3
mysql mysql 5.0.4
mysql mysql 5.0.5
mysql mysql 5.0.5.0.21
mysql mysql 5.0.10
mysql mysql 5.0.15
mysql mysql 5.0.16
mysql mysql 5.0.17
mysql mysql 5.0.20
mysql mysql 5.0.22.1.0.1
mysql mysql 5.0.24
mysql mysql 5.0.30
mysql mysql 5.0.36
mysql mysql 5.0.44
mysql mysql 5.0.54
mysql mysql 5.0.56
mysql mysql 5.0.60
mysql mysql 5.0.66
mysql mysql 5.0.82
mysql mysql 5.1.5
mysql mysql 5.1.23
mysql mysql 5.1.32
oracle mysql 5.0.0
oracle mysql 5.0.3
oracle mysql 5.0.6
oracle mysql 5.0.7
oracle mysql 5.0.8
oracle mysql 5.0.11
oracle mysql 5.0.12
oracle mysql 5.0.13
oracle mysql 5.0.14
oracle mysql 5.0.18
oracle mysql 5.0.19
oracle mysql 5.0.21
oracle mysql 5.0.22
oracle mysql 5.0.23
oracle mysql 5.0.25
oracle mysql 5.0.26
oracle mysql 5.0.27
oracle mysql 5.0.30
oracle mysql 5.0.32
oracle mysql 5.0.33
oracle mysql 5.0.37
oracle mysql 5.0.38
oracle mysql 5.0.41
oracle mysql 5.0.42
oracle mysql 5.0.45
oracle mysql 5.0.50
oracle mysql 5.0.51
oracle mysql 5.0.51a
oracle mysql 5.0.52
oracle mysql 5.0.75
oracle mysql 5.0.77
oracle mysql 5.0.81
oracle mysql 5.0.83
oracle mysql 5.1
oracle mysql 5.1.1
oracle mysql 5.1.2
oracle mysql 5.1.3
oracle mysql 5.1.4
oracle mysql 5.1.6
oracle mysql 5.1.7
oracle mysql 5.1.8
oracle mysql 5.1.9
oracle mysql 5.1.10
oracle mysql 5.1.11
oracle mysql 5.1.12
oracle mysql 5.1.13
oracle mysql 5.1.14
oracle mysql 5.1.15
oracle mysql 5.1.16
oracle mysql 5.1.17
oracle mysql 5.1.18
oracle mysql 5.1.19
oracle mysql 5.1.20
oracle mysql 5.1.21
oracle mysql 5.1.22
oracle mysql 5.1.30
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC198CDB-CAC0-41DD-9FCD-42536E7FE11A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77A2761-2B44-4061-9C29-A54F90A1AD83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B3AD851-056F-4E57-B85B-4AC5A5A20C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD24EA8C-4FCA-4F40-B2EA-7DFA49432483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "754B78F2-A03C-40BE-812B-F5E57B93D20B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "575039BD-A8B6-4459-B5F0-F220A94650EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDA03768-74D2-4C5D-ABCF-8A91F9E6C273",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "542B23CB-7535-4EF7-B926-466A5161A0D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "45E686C3-4100-465C-9F45-068580B496E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E9F09D8-6FAE-4A5B-AE04-248CD52C5FF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB618DB2-6B00-4E99-8232-937D2C51986B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "665E063D-355D-4A5A-A05F-36BF582DE36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "214E3CF9-6362-4F5A-91B7-5E69564F7144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C6CD84-EA5D-451F-AFC3-5F7094F0017D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF9271A-A816-44F6-A811-ECC1FB0993C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "F482D3D3-205C-495E-AF3A-E9C3018111F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "53853D65-F2C6-410F-9CF8-DED19B66BD4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "D927706B-565F-4152-8F86-AC85F1AA469F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C0291F7-27D9-4634-9DD3-21827C1CC5ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D54A38-E7A0-4B89-BBA5-D98D4D7FF3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7AFEB8-711B-4DED-A24E-38012F415FC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.82:*:*:*:*:*:*:*",
              "matchCriteriaId": "9369CF20-D05C-41A2-8F9E-DE259FCF9E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "35BED939-3366-4CBF-B6BF-29C0C42E97F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D0F7A49-62A2-4201-B6F3-8DB9902A4480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2BFBC7B-5C23-4CDB-AE4F-721378C36B07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "19001041-22C4-4D2C-A918-378DACBB1DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*",
              "matchCriteriaId": "6F610D56-6BB6-48FB-B43A-670CE9168500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1668BB5B-E7FB-4430-B8D5-89E308F5DD39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F44DA1-1509-4AC7-AB6B-2B2A834A16AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A2D6DF6-FE5D-428F-BCEB-E7832C2B4FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A56ACB60-EC2C-45AF-B923-B3A90A2F7AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "67C52D66-3BCA-4854-BF09-CB6DF1AC0E48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF54CC8D-B736-461D-B693-686E862EF969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E5EADE4-9E1B-4A1C-B3B5-ACF1287A19E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "053ACE9B-A146-42C0-ADB2-47F6119965D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B4F891-2A03-45A8-A49C-7F8B8F7D8407",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "69E62AC4-954E-476C-98BE-C138E328AE7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B88385C-F5FB-401F-80D5-5BF11CE3C19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA586E2B-A349-47C8-A17C-DA9016C6C3B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "C30CA14C-AE28-4D9A-B53D-B7C28D3BA56B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "811780EA-8805-41A6-A920-A201CCC80790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "11873AEA-5D6C-4AC0-915A-8A2869B2EFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A7753CE5-61C4-4FBC-BB60-F7D4493E76E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EDC2EB4-2C8D-4EF7-83A6-CBE6FF759DD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "5965032E-5BC0-4E69-B097-F9EE2B24C861",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "35F21A5A-F9C0-4860-80AD-1D3937483F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "B54F660F-AE43-4F3B-8935-5712CAE860A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "4413BB52-6FBD-4C12-8864-ADDC65E45B25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49F9BA-560B-40AE-9457-436830CDD371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53A8437-C61A-4203-B341-B5596569E50B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1435669-9BDA-40D4-BB30-C8AE1C3E7649",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8EBAE3C-F24D-4935-96BF-9541EC03B8F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.51a:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD39950F-FBBF-4505-8FB5-EEF2886095F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA95EE27-389A-4068-AAC1-AD64DD6BB006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA3E354-4366-46B5-ACD2-E72D0C8320A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C002047-0FB1-4DC6-9108-B4B5AAFAC16A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "584C0690-2826-4389-95AD-42048AEE1916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.83:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CB85180-0F28-4281-BB59-E3F29BE25C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F58612F4-1CAC-4BFC-A9B2-3D4025F428FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F49A1D-BCA3-4772-8AB3-621CCC997B3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F719DD8E-8379-43C3-97F9-DE350E457F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "342BB65B-1358-441C-B59A-1756BCC6414A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8589B1E7-0D6D-44B4-A36E-8225C5D15828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "88FEEE64-899F-4F55-B829-641706E29E32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8597F56-BB14-480C-91CD-CAB96A9DDD8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F4C5C88-95A7-4DDA-BC2F-CAFA47B0D67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB2323C-EFE2-407A-9AE9-8717FA9F8625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6341F695-6034-4CC1-9485-ACD3A0E1A079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1DF5F19-ECD9-457F-89C6-6F0271CF4766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "446DB5E9-EF4C-4A53-911E-91A802AECA5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "5829BE6A-BC58-482B-9DA1-04FDD413A7A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C85D20DF-702B-4F0B-922D-782474A4B663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "73A09785-3CA4-4797-A836-A958DCDC322F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4DE3D79-0966-4E14-9288-7C269A2CEEC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "564F6A24-BEB3-4420-A633-8AD54C292436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "047FBCCD-DE7C-41FA-80A3-AD695C643C7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "687CC501-4CB2-4295-86F6-A5E45DEC2D0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "822A718D-AD9D-4AB9-802F-5F5C6309D809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA2D4002-FD96-462D-BA55-4624170CAA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A40FE1C-6EB0-4C75-867E-B1F8408E5A0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "31B9607A-1E58-4471-BEDE-03484A1E9739",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement."
    },
    {
      "lang": "es",
      "value": "mysqld en MySQL v5.0.x anteriores a v5.0.88 y v5.1.x anteriores a v5.1.41 no (1) maneja apropiadamente los errores durante la ejecuci\u00f3n de determinadas peticiones SELECT con subpeticiones, y no (2) preserva determinadas \"flags\" (opciones) null_value durante la ejecuci\u00f3n de peticiones que usan la funci\u00f3n GeomFromWKB; lo que permite a usuarios autenticados remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una petici\u00f3n modificada."
    }
  ],
  "id": "CVE-2009-4019",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-11-30T17:30:00.250",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://bugs.mysql.com/47780"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://bugs.mysql.com/48291"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=oss-security\u0026m=125881733826437\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=oss-security\u0026m=125883754215621\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=oss-security\u0026m=125901161824278\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37717"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38517"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38573"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://ubuntu.com/usn/usn-897-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-1997"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0109.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1397-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=540906"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.mysql.com/47780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.mysql.com/48291"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=125881733826437\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=125883754215621\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=125901161824278\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38573"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ubuntu.com/usn/usn-897-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-1997"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0109.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1397-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=540906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.