Vulnerability-Lookup

FKIE_CVE-2012-4414

Vulnerability from fkie_nvd - Published: 2013-01-22 23:55 - Updated: 2026-04-29 01:13

Severity ?

Summary

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

References

	URL	Tags
	secalert@redhat.com	http://bugs.mysql.com/bug.php?id=66550
	secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html
	secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html
	secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html
	secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html
	secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
	secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
	secalert@redhat.com	http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/
	secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/09/11/4
	secalert@redhat.com	http://www.securityfocus.com/bid/55498
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=852144
	secalert@redhat.com	https://mariadb.atlassian.net/browse/MDEV-382
	af854a3a-2127-422b-91ae-364da2661108	http://bugs.mysql.com/bug.php?id=66550
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
	af854a3a-2127-422b-91ae-364da2661108	http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/09/11/4
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/55498
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=852144
	af854a3a-2127-422b-91ae-364da2661108	https://mariadb.atlassian.net/browse/MDEV-382

Impacted products

Vendor	Product	Version
oracle	mysql	*
oracle	mysql	5.1.51
oracle	mysql	5.1.52
oracle	mysql	5.1.52
oracle	mysql	5.1.53
oracle	mysql	5.1.54
oracle	mysql	5.1.55
oracle	mysql	5.1.56
oracle	mysql	5.1.57
oracle	mysql	5.1.58
oracle	mysql	5.1.59
oracle	mysql	5.1.60
oracle	mysql	5.1.61
oracle	mysql	5.1.62
oracle	mysql	5.1.63
oracle	mysql	5.1.64
oracle	mysql	5.1.65
oracle	mysql	5.1.66
oracle	mysql	5.1.67
oracle	mysql	5.5.10
oracle	mysql	5.5.11
oracle	mysql	5.5.12
oracle	mysql	5.5.13
oracle	mysql	5.5.14
oracle	mysql	5.5.15
oracle	mysql	5.5.16
oracle	mysql	5.5.17
oracle	mysql	5.5.18
oracle	mysql	5.5.19
oracle	mysql	5.5.20
oracle	mysql	5.5.21
oracle	mysql	5.5.22
oracle	mysql	5.5.23
oracle	mysql	5.5.24
oracle	mysql	5.5.25
oracle	mysql	5.5.25
oracle	mysql	5.5.26
oracle	mysql	5.5.27
mariadb	mariadb	5.1.41
mariadb	mariadb	5.1.42
mariadb	mariadb	5.1.44
mariadb	mariadb	5.1.47
mariadb	mariadb	5.1.49
mariadb	mariadb	5.1.50
mariadb	mariadb	5.1.51
mariadb	mariadb	5.1.53
mariadb	mariadb	5.1.55
mariadb	mariadb	5.1.60
mariadb	mariadb	5.1.61
mariadb	mariadb	5.1.62
mariadb	mariadb	5.2.0
mariadb	mariadb	5.2.1
mariadb	mariadb	5.2.2
mariadb	mariadb	5.2.3
mariadb	mariadb	5.2.4
mariadb	mariadb	5.2.5
mariadb	mariadb	5.2.6
mariadb	mariadb	5.2.7
mariadb	mariadb	5.2.8
mariadb	mariadb	5.2.9
mariadb	mariadb	5.2.10
mariadb	mariadb	5.2.11
mariadb	mariadb	5.2.12
mariadb	mariadb	5.3.0
mariadb	mariadb	5.3.1
mariadb	mariadb	5.3.2
mariadb	mariadb	5.3.3
mariadb	mariadb	5.3.4
mariadb	mariadb	5.3.5
mariadb	mariadb	5.3.6
mariadb	mariadb	5.3.7
mariadb	mariadb	5.5.20
mariadb	mariadb	5.5.21
mariadb	mariadb	5.5.22
mariadb	mariadb	5.5.23
mariadb	mariadb	5.5.24
mariadb	mariadb	5.5.25

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFB1893D-61DC-4FFF-8BC0-68A8D6A28A71",
              "versionEndIncluding": "5.5.28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E1D047-8CCC-4C1F-B151-B937CDA06295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "950EB4D1-6328-41C9-8739-46529C043615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.52:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "36618CD5-C8DE-4356-B53D-EB12A8F3AEC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E1B28CE-BFE1-4331-90F9-E6BA672BDAA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "B43FDCD2-6FB0-4606-8357-B0F63368C6CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "49DC76BF-857D-4CCE-B772-CA73AB14EABE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CEB039-C129-4C0C-AA90-89A816F96052",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "8656BD5D-2A3F-48DA-8FEB-FFDD7DA557A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "E504B098-BFC4-418C-AD24-F9A02E59DD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EBB49CB-C15F-4F5B-B4B8-2C1B91A6A841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED264D57-BD4F-4020-B120-9DC3175D106F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "86C2079F-93E8-4EE3-BE75-836807D93AA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AF9060C-9469-48DA-858A-BB42E77AF88F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E268D9E-0C18-4257-8820-634B7357BEE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "0942892C-2106-4F1F-AEBE-78C1CF55E363",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE6C87CE-8BA5-4701-B295-7672AF52E6B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EABA08A-81F1-46ED-BF57-FA63229DDCE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FD6AA9F-7F35-4522-B396-C2179ED9B490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "312DACA6-F414-4EA8-A817-6E1C506AF780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6095FC85-BF0E-423C-9311-0B6387E91F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0E8107-CAEA-44D7-B82D-2571F7A7E65B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB58C978-1FBE-4BF9-A473-C99FBF943484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5079BA1C-B1A7-4298-BC8A-EBD63AA45186",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "94F7A061-66FE-4EAD-918B-6C4500A21BE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DED856E3-69A6-4681-B1EF-871810E8F7C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "C147F1EE-29ED-4211-9F7E-8D0172BD0045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "0812F864-91E0-4B3E-9CB3-33B7514B9330",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E105E9-FE65-4B75-9818-D3897294E941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCC68032-1200-4506-A678-E7DF474E9C28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "19518B17-0C4B-4589-BB41-87DAF0AB4BC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "54047553-C08F-474C-8650-89AAAC68056B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "41EE02F4-02F7-49A3-AFCA-C20BA2AF65C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "97045EB4-F22C-4694-BFB2-C1EA72705206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DC6246-988E-4259-8BAF-4F104ED12936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.25:a:*:*:*:*:*:*",
              "matchCriteriaId": "C34D221E-E9D9-4A1D-B3BC-CB66456D004B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FF95406-DAA6-4164-95CE-F88F19C8DE24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.5.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "65EF36A4-EC77-46FA-B9E9-24B8DBC71BE2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.1.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "86D9BEC1-F4C2-4BE6-A608-D8958A032972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.1.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F04B12-6063-4BAB-A69B-F1F19CC3FFB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.1.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A77E458-3AE9-4B02-9A9F-A640DAE073B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.1.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF78DF61-E6C3-4E92-A8B9-843698D03D18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.1.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "56F2A57F-2CDD-48F8-AC92-1E599875E704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.1.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F2BAD43-DDF2-4830-A844-8A6F18EF98CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.1.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB1ECEF-8420-41CF-9CFD-AD551BB04C9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.1.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4C45914-1CB3-440F-AB7B-564B3A09D9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.1.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "581E047E-339B-4CB4-ADA9-AF25BE0345B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.1.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "C16A0D77-DA95-41D7-9BE2-7B306AF9FF6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.1.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4BAE0F1-010D-47D8-B65E-335EF455C951",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.1.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "91DD3FC9-2530-4BAA-929A-6D4E96868B74",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "552E49DC-80FD-4422-9341-44CE0C127027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDEAEFC9-9C50-44F9-8D8C-FAC18F706DAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BD73CE-88F8-4DF0-8293-FBE1FEC8BAB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B438CEA-C321-4B48-8610-9E0CABA7F9B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C584AF-64B0-4DCB-9E36-E60170654D03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD15542-FBFB-4513-BC42-5EE63247313D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "98247C01-F906-426A-B5C6-5A3905B83027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7C92F3-D18F-47B8-A6D7-2DD210B0BC77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "323BDFDE-FA24-4169-8BD4-C7978C4FDBBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FA479ED-0B6B-464A-B476-82C5C4E05D20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EFF6DF6-DE51-49EA-B745-4EBC20814E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B00856-5DDC-415A-98AC-62736B9C2DA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC6B5FF9-7A46-46D9-BEA2-2146F958E6BD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0122E5B-7EBF-431A-B144-45F945099FE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59BC8D7B-866E-42E5-9EF9-E8F487AE21C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A1982C3-4F1B-4B62-AB75-0FE88EA1BC33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49A3AD71-6E48-40CF-BA9D-75B6D8D02B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0CBE6FE-12C8-4E5E-990E-9E4859862A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACBBA64F-F39C-422A-9FDB-72372B6C4320",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "43121525-06CD-4C4A-A4C0-5AC26CDB275F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "72855B60-229B-4AB9-9786-1EDDA8F16DAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.5.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "F99E43D2-D49C-4990-B683-2E26D58DB816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "C082352C-DFE1-461A-9803-C180021144A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "F49B9C56-71B4-4B1B-ABD8-CFE56A4F0816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA16095-E56A-4523-B738-2C4E86CEF603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "917846BE-1D70-4121-8065-F97F3D710244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:5.5.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "7140FE2C-C06C-4005-958C-B00D3CEC6333",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log.  NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en el c\u00f3digo de replicaci\u00f3n de Oracle en MySQL v5.5.29 posiblemente antes, y MariaDB v5.1.x hasta v5.1.62, v5.2.x hasta v5.2.12, v5.3.x hasta v5.3.7 y v5.5.x hasta v5.5.25 que permiten a usuarios remotos autenticados ejecutar comandos SQL a trav\u00e9s de vectores relacionados con el registro binario. NOTA: a partir de 20130116, Oracle no se ha pronunciado sobre las alegaciones de un proveedor de bajo nivel en las que se explica que la correcci\u00f3n de MySQL v5.5.29 es incompleta."
    }
  ],
  "id": "CVE-2012-4414",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-01-22T23:55:02.650",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://bugs.mysql.com/bug.php?id=66550"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/09/11/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/55498"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=852144"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://mariadb.atlassian.net/browse/MDEV-382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.mysql.com/bug.php?id=66550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/09/11/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/55498"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=852144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://mariadb.atlassian.net/browse/MDEV-382"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-4414 (GCVE-0-2012-4414)

Vulnerability from cvelistv5 – Published: 2013-01-22 23:00 – Updated: 2024-08-06 20:35

Summary

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://mariadb.atlassian.net/browse/MDEV-382	x_refsource_CONFIRM
	http://www.mysqlperformanceblog.com/2013/01/13/cv…	x_refsource_MISC
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2012/09/11/4	mailing-listx_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=852144	x_refsource_CONFIRM
	http://bugs.mysql.com/bug.php?id=66550	x_refsource_MISC
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.securityfocus.com/bid/55498	vdb-entryx_refsource_BID

Date Public ?

2012-09-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:35:09.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mariadb.atlassian.net/browse/MDEV-382"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/"
          },
          {
            "name": "MDVSA-2013:102",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102"
          },
          {
            "name": "openSUSE-SU-2013:0156",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html"
          },
          {
            "name": "openSUSE-SU-2013:0135",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html"
          },
          {
            "name": "openSUSE-SU-2013:0011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2013:0014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html"
          },
          {
            "name": "[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/09/11/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=852144"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.mysql.com/bug.php?id=66550"
          },
          {
            "name": "MDVSA-2013:150",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
          },
          {
            "name": "55498",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55498"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log.  NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-02T13:57:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mariadb.atlassian.net/browse/MDEV-382"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/"
        },
        {
          "name": "MDVSA-2013:102",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102"
        },
        {
          "name": "openSUSE-SU-2013:0156",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html"
        },
        {
          "name": "openSUSE-SU-2013:0135",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html"
        },
        {
          "name": "openSUSE-SU-2013:0011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html"
        },
        {
          "name": "openSUSE-SU-2013:0014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html"
        },
        {
          "name": "[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/09/11/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=852144"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.mysql.com/bug.php?id=66550"
        },
        {
          "name": "MDVSA-2013:150",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
        },
        {
          "name": "55498",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55498"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-4414",
    "datePublished": "2013-01-22T23:00:00.000Z",
    "dateReserved": "2012-08-21T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:35:09.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2012-4414

CVE-2012-4414 (GCVE-0-2012-4414)

Tags

Sightings

Nomenclature