4 - CVE-2010-3840

Executive Summary

Informations
Name	CVE-2010-3840	First vendor Publication	2011-01-14
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Cvss Base Score	4	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	8	Authentication	Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3840

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12161

Oval ID:	oval:org.mitre.oval:def:12161
Title:	DSA-2143-1 mysql-dfsg-5.0 -- several vulnerabilities
Description:	Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3677 It was discovered that MySQL allows remote authenticated users to cause a denial of service via a join query that uses a table with a unique SET column. CVE-2010-3680 It was discovered that MySQL allows remote authenticated users to cause a denial of service by creating temporary tables while using InnoDB, which triggers an assertion failure. CVE-2010-3681 It was discovered that MySQL allows remote authenticated users to cause a denial of service by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure. CVE-2010-3682 It was discovered that MySQL incorrectly handled use of EXPLAIN with certain queries. An authenticated user could crash the server. CVE-2010-3833 It was discovered that MySQL incorrectly handled propagation during evaluation of arguments to extreme-value functions. An authenticated user could crash the server. CVE-2010-3834 It was discovered that MySQL incorrectly handled materializing a derived table that required a temporary table for grouping. An authenticated user could crash the server. CVE-2010-3835 It was discovered that MySQL incorrectly handled certain user-variable assignment expressions that are evaluated in a logical expression context. An authenticated user could crash the server. CVE-2010-3836 It was discovered that MySQL incorrectly handled pre-evaluation of LIKE predicates during view preparation. An authenticated user could crash the server. CVE-2010-3837 It was discovered that MySQL incorrectly handled using GROUP_CONCAT and WITH ROLLUP together. An authenticated user could crash the server. CVE-2010-3838 It was discovered that MySQL incorrectly handled certain queries using a mixed list of numeric and LONGBLOB arguments to the GREATEST or LEAST functions. An authenticated user could crash the server. CVE-2010-3840 It was discovered that MySQL incorrectly handled improper WKB data passed to the PolyFromWKB function. An authenticated user could crash the server.
Family:	unix	Class:	patch
Reference(s):	DSA-2143-1 CVE-2010-3677 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3840	Version:	5
Platform(s):	Debian GNU/Linux 5.0	Product(s):	mysql-dfsg-5.0
Definition Synopsis:
Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND mysql-dfsg-5.0 DPKG is earlier than 5.0.51a-24+lenny5

Definition Id: oval:org.mitre.oval:def:13602

Oval ID:	oval:org.mitre.oval:def:13602
Title:	USN-1017-1 -- mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities
Description:	It was discovered that MySQL incorrectly handled certain requests with the UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled joins involving a table with a unique SET column. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled NULL arguments to IN or CASE operations. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled malformed arguments to the BINLOG statement. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled the use of TEMPORARY InnoDB tables with nullable columns. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled alternate reads from two indexes on a table using the HANDLER interface. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled use of EXPLAIN with certain queries. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled error reporting when using LOAD DATA INFILE and would incorrectly raise an assert in certain circumstances. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled propagation during evaluation of arguments to extreme-value functions. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. It was discovered that MySQL incorrectly handled materializing a derived table that required a temporary table for grouping. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly handled certain user-variable assignment expressions that are evaluated in a logical expression context. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. It was discovered that MySQL incorrectly handled pre-evaluation of LIKE predicates during view preparation. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly handled using GROUP_CONCAT and WITH ROLLUP together. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly handled certain queries using a mixed list of numeric and LONGBLOB arguments to the GREATEST or LEAST functions. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly handled queries with nested joins when used from stored procedures and prepared statements. An authenticated user could exploit this to make MySQL hang, causing a denial of service. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. It was discovered that MySQL incorrectly handled improper WKB data passed to the PolyFromWKB function. An authenticated user could exploit this to make MySQL crash, causing a denial of service
Family:	unix	Class:	patch
Reference(s):	USN-1017-1 CVE-2010-2008 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840	Version:	5
Platform(s):	Ubuntu 8.04 Ubuntu 10.10 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06	Product(s):	mysql-5.1 mysql-dfsg-5.0 mysql-dfsg-5.1
Definition Synopsis:
Release section Ubuntu 8.04 is installed AND Architecture section Architecture independet section Installed architecture is all AND Packages section mysql-client DPKG is earlier than 5.0.51a-3ubuntu5.8 AND mysql-common DPKG is earlier than 5.0.51a-3ubuntu5.8 AND mysql-server DPKG is earlier than 5.0.51a-3ubuntu5.8 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libmysqlclient15-dev DPKG is earlier than 5.0.51a-3ubuntu5.8 AND mysql-client-5.0 DPKG is earlier than 5.0.51a-3ubuntu5.8 AND mysql-server-5.0 DPKG is earlier than 5.0.51a-3ubuntu5.8 AND libmysqlclient15off DPKG is earlier than 5.0.51a-3ubuntu5.8 OR Release section Ubuntu 10.10 is installed AND Architecture section Architecture independet section Installed architecture is all AND Packages section mysql-client DPKG is earlier than 5.1.49-1ubuntu8.1 AND libmysqlclient16-dev DPKG is earlier than 5.1.49-1ubuntu8.1 AND mysql-common DPKG is earlier than 5.1.49-1ubuntu8.1 AND mysql-server DPKG is earlier than 5.1.49-1ubuntu8.1 OR Architecture depended section Supported architectures section Installed architecture is powerpc AND Installed architecture is armel AND Installed architecture is amd64 AND Installed architecture is i386 AND Packages section libmysqlclient-dev DPKG is earlier than 5.1.49-1ubuntu8.1 AND libmysqld-pic DPKG is earlier than 5.1.49-1ubuntu8.1 AND mysql-client-core-5.1 DPKG is earlier than 5.1.49-1ubuntu8.1 AND mysql-client-5.1 DPKG is earlier than 5.1.49-1ubuntu8.1 AND libmysqlclient16 DPKG is earlier than 5.1.49-1ubuntu8.1 AND mysql-testsuite DPKG is earlier than 5.1.49-1ubuntu8.1 AND mysql-server-5.1 DPKG is earlier than 5.1.49-1ubuntu8.1 AND libmysqld-dev DPKG is earlier than 5.1.49-1ubuntu8.1 AND mysql-server-core-5.1 DPKG is earlier than 5.1.49-1ubuntu8.1 OR Release section Ubuntu 10.04 is installed AND Architecture section Architecture independet section Installed architecture is all AND Packages section mysql-client DPKG is earlier than 5.1.41-3ubuntu12.7 AND libmysqlclient16-dev DPKG is earlier than 5.1.41-3ubuntu12.7 AND mysql-common DPKG is earlier than 5.1.41-3ubuntu12.7 AND mysql-server DPKG is earlier than 5.1.41-3ubuntu12.7 OR Architecture depended section Supported architectures section Installed architecture is powerpc AND Installed architecture is armel AND Installed architecture is amd64 AND Installed architecture is i386 AND Packages section libmysqlclient-dev DPKG is earlier than 5.1.41-3ubuntu12.7 AND libmysqld-pic DPKG is earlier than 5.1.41-3ubuntu12.7 AND mysql-client-core-5.1 DPKG is earlier than 5.1.41-3ubuntu12.7 AND mysql-client-5.1 DPKG is earlier than 5.1.41-3ubuntu12.7 AND libmysqlclient16 DPKG is earlier than 5.1.41-3ubuntu12.7 AND mysql-testsuite DPKG is earlier than 5.1.41-3ubuntu12.7 AND mysql-server-5.1 DPKG is earlier than 5.1.41-3ubuntu12.7 AND libmysqld-dev DPKG is earlier than 5.1.41-3ubuntu12.7 AND mysql-server-core-5.1 DPKG is earlier than 5.1.41-3ubuntu12.7 OR Release section Ubuntu 9.10 is installed AND Architecture section Architecture independet section Installed architecture is all AND Packages section mysql-client DPKG is earlier than 5.1.37-1ubuntu5.5 AND libmysqlclient16-dev DPKG is earlier than 5.1.37-1ubuntu5.5 AND mysql-common DPKG is earlier than 5.1.37-1ubuntu5.5 AND mysql-server DPKG is earlier than 5.1.37-1ubuntu5.5 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is lpia AND Packages section libmysqlclient-dev DPKG is earlier than 5.1.37-1ubuntu5.5 AND libmysqld-pic DPKG is earlier than 5.1.37-1ubuntu5.5 AND mysql-client-5.1 DPKG is earlier than 5.1.37-1ubuntu5.5 AND libmysqlclient16 DPKG is earlier than 5.1.37-1ubuntu5.5 AND mysql-server-5.1 DPKG is earlier than 5.1.37-1ubuntu5.5 AND libmysqld-dev DPKG is earlier than 5.1.37-1ubuntu5.5 AND mysql-server-core-5.1 DPKG is earlier than 5.1.37-1ubuntu5.5 OR Release section Ubuntu 6.06 is installed AND Architecture section Architecture independet section Installed architecture is all AND Packages section mysql-client DPKG is earlier than 5.0.22-0ubuntu6.06.15 AND mysql-common DPKG is earlier than 5.0.22-0ubuntu6.06.15 AND mysql-server DPKG is earlier than 5.0.22-0ubuntu6.06.15 OR Architecture depended section Supported architectures section Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is amd64 AND Installed architecture is i386 AND Packages section libmysqlclient15-dev DPKG is earlier than 5.0.22-0ubuntu6.06.15 AND mysql-client-5.0 DPKG is earlier than 5.0.22-0ubuntu6.06.15 AND libmysqlclient15off DPKG is earlier than 5.0.22-0ubuntu6.06.15 AND mysql-server-5.0 DPKG is earlier than 5.0.22-0ubuntu6.06.15

Definition Id: oval:org.mitre.oval:def:21911

Oval ID:	oval:org.mitre.oval:def:21911
Title:	RHSA-2011:0164: mysql security update (Moderate)
Description:	The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
Family:	unix	Class:	patch
Reference(s):	RHSA-2011:0164-01 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840	Version:	185
Platform(s):	Red Hat Enterprise Linux 6	Product(s):	mysql
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section mysql-embedded-devel is earlier than 0:5.1.52-1.el6_0.1 AND mysql-server is earlier than 0:5.1.52-1.el6_0.1 AND mysql-bench is earlier than 0:5.1.52-1.el6_0.1 AND mysql-libs is earlier than 0:5.1.52-1.el6_0.1 AND mysql-embedded is earlier than 0:5.1.52-1.el6_0.1 AND mysql-test is earlier than 0:5.1.52-1.el6_0.1 AND mysql is earlier than 0:5.1.52-1.el6_0.1 AND mysql-devel is earlier than 0:5.1.52-1.el6_0.1

Definition Id: oval:org.mitre.oval:def:22337

Oval ID:	oval:org.mitre.oval:def:22337
Title:	RHSA-2010:0825: mysql security update (Moderate)
Description:	The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
Family:	unix	Class:	patch
Reference(s):	RHSA-2010:0825-01 CESA-2010:0825 CVE-2010-3677 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840	Version:	146
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	mysql
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section mysql-test is earlier than 0:5.0.77-4.el5_5.4 AND mysql is earlier than 0:5.0.77-4.el5_5.4 AND mysql-server is earlier than 0:5.0.77-4.el5_5.4 AND mysql-bench is earlier than 0:5.0.77-4.el5_5.4 AND mysql-devel is earlier than 0:5.0.77-4.el5_5.4

Definition Id: oval:org.mitre.oval:def:22961

Oval ID:	oval:org.mitre.oval:def:22961
Title:	ELSA-2011:0164: mysql security update (Moderate)
Description:	The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
Family:	unix	Class:	patch
Reference(s):	ELSA-2011:0164-01 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840	Version:	61
Platform(s):	Oracle Linux 6	Product(s):	mysql
Definition Synopsis:
Oracle Linux 6.x rpm test mysql-embedded-devel is earlier than 0:5.1.52-1.el6_0.1 AND mysql-server is earlier than 0:5.1.52-1.el6_0.1 AND mysql-bench is earlier than 0:5.1.52-1.el6_0.1 AND mysql-libs is earlier than 0:5.1.52-1.el6_0.1 AND mysql-embedded is earlier than 0:5.1.52-1.el6_0.1 AND mysql-test is earlier than 0:5.1.52-1.el6_0.1 AND mysql is earlier than 0:5.1.52-1.el6_0.1 AND mysql-devel is earlier than 0:5.1.52-1.el6_0.1

Definition Id: oval:org.mitre.oval:def:23210

Oval ID:	oval:org.mitre.oval:def:23210
Title:	ELSA-2010:0825: mysql security update (Moderate)
Description:	The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:0825-01 CVE-2010-3677 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840	Version:	49
Platform(s):	Oracle Linux 5	Product(s):	mysql
Definition Synopsis:
Oracle Linux 5.x rpm test mysql-test is earlier than 0:5.0.77-4.el5_5.4 AND mysql is earlier than 0:5.0.77-4.el5_5.4 AND mysql-server is earlier than 0:5.0.77-4.el5_5.4 AND mysql-bench is earlier than 0:5.0.77-4.el5_5.4 AND mysql-devel is earlier than 0:5.0.77-4.el5_5.4

Definition Id: oval:org.mitre.oval:def:27723

Oval ID:	oval:org.mitre.oval:def:27723
Title:	DEPRECATED: ELSA-2010-0825 -- mysql security update (moderate)
Description:	[5.0.77-4.4] - Add fixes for CVE-2010-3677, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3833, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838, CVE-2010-3839, CVE-2010-3840 Resolves: #645642 - Backpatch strmov fix so that code can be tested on more recent platforms
Family:	unix	Class:	patch
Reference(s):	ELSA-2010-0825 CVE-2010-3677 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	mysql
Definition Synopsis:
Oracle Linux 5.x Packages match section mysql is earlier than 0:5.0.77-4.el5_5.4 AND mysql-bench is earlier than 0:5.0.77-4.el5_5.4 AND mysql-devel is earlier than 0:5.0.77-4.el5_5.4 AND mysql-server is earlier than 0:5.0.77-4.el5_5.4 AND mysql-test is earlier than 0:5.0.77-4.el5_5.4

Definition Id: oval:org.mitre.oval:def:28197

Oval ID:	oval:org.mitre.oval:def:28197
Title:	DEPRECATED: ELSA-2011-0164 -- mysql security update (moderate)
Description:	[5.1.52-1.1] - Update to MySQL 5.1.52, for various fixes described at http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html including numerous small security issues Resolves: #652553 - Sync with current Fedora package; this includes: - Duplicate COPYING and EXCEPTIONS-CLIENT in -libs and -embedded subpackages, to ensure they are available when any subset of mysql RPMs are installed, per revised packaging guidelines - Allow init script's STARTTIMEOUT/STOPTIMEOUT to be overridden from sysconfig
Family:	unix	Class:	patch
Reference(s):	ELSA-2011-0164 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	mysql
Definition Synopsis:
Oracle Linux 6.x Packages match section mysql is earlier than 0:5.1.52-1.el6_0.1 AND mysql-bench is earlier than 0:5.1.52-1.el6_0.1 AND mysql-devel is earlier than 0:5.1.52-1.el6_0.1 AND mysql-embedded is earlier than 0:5.1.52-1.el6_0.1 AND mysql-embedded-devel is earlier than 0:5.1.52-1.el6_0.1 AND mysql-libs is earlier than 0:5.1.52-1.el6_0.1 AND mysql-server is earlier than 0:5.1.52-1.el6_0.1 AND mysql-test is earlier than 0:5.1.52-1.el6_0.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Oracle Mysql cpe:2.3:a:oracle:mysql:5.1.9:::::::* cpe:2.3:a:oracle:mysql:5.1.8:::::::* cpe:2.3:a:oracle:mysql:5.1.7:::::::* cpe:2.3:a:oracle:mysql:5.1.6:::::::* cpe:2.3:a:oracle:mysql:5.1.50:::::::* cpe:2.3:a:oracle:mysql:5.1.5:-:::::: cpe:2.3:a:oracle:mysql:5.1.49:::::::* cpe:2.3:a:oracle:mysql:5.1.49:sp1:::::: cpe:2.3:a:oracle:mysql:5.1.48:::::::* cpe:2.3:a:oracle:mysql:5.1.47:::::::* cpe:2.3:a:oracle:mysql:5.1.46:::::::* cpe:2.3:a:oracle:mysql:5.1.46:sp1:::::: cpe:2.3:a:oracle:mysql:5.1.45:::::::* cpe:2.3:a:oracle:mysql:5.1.44:::::::* cpe:2.3:a:oracle:mysql:5.1.43:::::::* cpe:2.3:a:oracle:mysql:5.1.43:sp1:::::: cpe:2.3:a:oracle:mysql:5.1.42:::::::* cpe:2.3:a:oracle:mysql:5.1.41:::::::* cpe:2.3:a:oracle:mysql:5.1.40:sp1:::::: cpe:2.3:a:oracle:mysql:5.1.40:::::::* cpe:2.3:a:oracle:mysql:5.1.4:::::::* cpe:2.3:a:oracle:mysql:5.1.39:::::::* cpe:2.3:a:oracle:mysql:5.1.38:::::::* cpe:2.3:a:oracle:mysql:5.1.37:sp1:::::: cpe:2.3:a:oracle:mysql:5.1.37:-:::::: cpe:2.3:a:oracle:mysql:5.1.36:::::::* cpe:2.3:a:oracle:mysql:5.1.35:::::::* cpe:2.3:a:oracle:mysql:5.1.34:sp1:::::: cpe:2.3:a:oracle:mysql:5.1.34:-:::::: cpe:2.3:a:oracle:mysql:5.1.33:::::::* cpe:2.3:a:oracle:mysql:5.1.32:-:::::: cpe:2.3:a:oracle:mysql:5.1.31:sp1:::::: cpe:2.3:a:oracle:mysql:5.1.31:-:::::: cpe:2.3:a:oracle:mysql:5.1.30:::::::* cpe:2.3:a:oracle:mysql:5.1.3:::::::* cpe:2.3:a:oracle:mysql:5.1.29:::::::* cpe:2.3:a:oracle:mysql:5.1.28:::::::* cpe:2.3:a:oracle:mysql:5.1.27:::::::* cpe:2.3:a:oracle:mysql:5.1.26:::::::* cpe:2.3:a:oracle:mysql:5.1.25:::::::* cpe:2.3:a:oracle:mysql:5.1.24:::::::* cpe:2.3:a:oracle:mysql:5.1.23:a:::::: cpe:2.3:a:oracle:mysql:5.1.23:-:::::: cpe:2.3:a:oracle:mysql:5.1.22:::::::* cpe:2.3:a:oracle:mysql:5.1.21:::::::* cpe:2.3:a:oracle:mysql:5.1.20:::::::* cpe:2.3:a:oracle:mysql:5.1.2:::::::* cpe:2.3:a:oracle:mysql:5.1.19:::::::* cpe:2.3:a:oracle:mysql:5.1.18:::::::* cpe:2.3:a:oracle:mysql:5.1.17:::::::* cpe:2.3:a:oracle:mysql:5.1.16:::::::* cpe:2.3:a:oracle:mysql:5.1.15:::::::* cpe:2.3:a:oracle:mysql:5.1.14:::::::* cpe:2.3:a:oracle:mysql:5.1.13:::::::* cpe:2.3:a:oracle:mysql:5.1.12:::::::* cpe:2.3:a:oracle:mysql:5.1.11:::::::* cpe:2.3:a:oracle:mysql:5.1.10:::::::* cpe:2.3:a:oracle:mysql:5.1.1:::::::* cpe:2.3:a:oracle:mysql:5.1:::::::*	59

OpenVAS Exploits

Date	Description
2012-06-05	Name : RedHat Update for mysql RHSA-2011:0164-01 File : nvt/gb_RHSA-2011_0164-01_mysql.nasl
2012-03-16	Name : Ubuntu Update for mysql-5.1 USN-1397-1 File : nvt/gb_ubuntu_USN_1397_1.nasl
2012-02-12	Name : Gentoo Security Advisory GLSA 201201-02 (MySQL) File : nvt/glsa_201201_02.nasl
2011-01-21	Name : MySQL 'Gis_line_string::init_from_wkb()' DOS Vulnerability File : nvt/gb_mysql_gis_line_string_dos_vuln.nasl
2010-11-16	Name : CentOS Update for mysql CESA-2010:0824 centos4 i386 File : nvt/gb_CESA-2010_0824_mysql_centos4_i386.nasl
2010-11-16	Name : RedHat Update for mysql RHSA-2010:0824-01 File : nvt/gb_RHSA-2010_0824-01_mysql.nasl
2010-11-16	Name : RedHat Update for mysql RHSA-2010:0825-01 File : nvt/gb_RHSA-2010_0825-01_mysql.nasl
2010-11-16	Name : Mandriva Update for mysql MDVSA-2010:222 (mysql) File : nvt/gb_mandriva_MDVSA_2010_222.nasl
2010-11-16	Name : Mandriva Update for mysql MDVSA-2010:223 (mysql) File : nvt/gb_mandriva_MDVSA_2010_223.nasl
2010-11-16	Name : Ubuntu Update for MySQL vulnerabilities USN-1017-1 File : nvt/gb_ubuntu_USN_1017_1.nasl
2010-11-10	Name : Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities File : nvt/gb_mysql_43676.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
69001	MySQL PolyFromWKB() Function WKB Data Remote DoS MySQL contains a flaw that may allow a remote denial of service. The issue is triggered when an error in the 'PolyFromWKB()' function is exploited through the use of specially crafted WKB data, resulting in a denial of service.

Nessus® Vulnerability Scanner

Date	Description
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_4_libmysqlclusterclient16-110706.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_4_libmysqlclient-devel-110607.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_4_libmariadbclient16-110701.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_libmysqlclusterclient16-110706.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_libmysqlclient-devel-110607.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_libmariadbclient16-110701.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0824.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0825.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0164.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101103_mysql_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110118_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101103_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-03-13	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1397-1.nasl - Type : ACT_GATHER_INFO
2012-01-06	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201201-02.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-111013.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-111014.nasl - Type : ACT_GATHER_INFO
2011-01-19	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0164.nasl - Type : ACT_GATHER_INFO
2011-01-17	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2143.nasl - Type : ACT_GATHER_INFO
2010-11-24	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0824.nasl - Type : ACT_GATHER_INFO
2010-11-24	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0825.nasl - Type : ACT_GATHER_INFO
2010-11-12	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1017-1.nasl - Type : ACT_GATHER_INFO
2010-11-10	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-223.nasl - Type : ACT_GATHER_INFO
2010-11-10	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-222.nasl - Type : ACT_GATHER_INFO
2010-11-04	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0825.nasl - Type : ACT_GATHER_INFO
2010-11-04	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0824.nasl - Type : ACT_GATHER_INFO
2010-10-05	Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_51.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://bugs.mysql.com/bug.php?id=51875
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
http://lists.mysql.com/commits/117094
http://secunia.com/advisories/42875
http://secunia.com/advisories/42936
http://www.debian.org/security/2011/dsa-2143
http://www.mandriva.com/security/advisories?name=MDVSA-2010:222
http://www.mandriva.com/security/advisories?name=MDVSA-2010:223
http://www.redhat.com/support/errata/RHSA-2010-0824.html
http://www.redhat.com/support/errata/RHSA-2010-0825.html
http://www.redhat.com/support/errata/RHSA-2011-0164.html
http://www.securityfocus.com/bid/43676
http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt
http://www.ubuntu.com/usn/USN-1017-1
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2011/0105
http://www.vupen.com/english/advisories/2011/0170
http://www.vupen.com/english/advisories/2011/0345
https://bugzilla.redhat.com/show_bug.cgi?id=640865
https://exchange.xforce.ibmcloud.com/vulnerabilities/64838

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:06:22	Multiple Updates
2024-11-28 12:23:15	Multiple Updates
2024-08-02 12:14:42	Multiple Updates
2024-08-02 01:04:01	Multiple Updates
2024-02-02 01:14:16	Multiple Updates
2024-02-01 12:03:56	Multiple Updates
2023-09-05 12:13:18	Multiple Updates
2023-09-05 01:03:48	Multiple Updates
2023-09-02 12:13:22	Multiple Updates
2023-09-02 01:03:51	Multiple Updates
2023-08-12 12:15:53	Multiple Updates
2023-08-12 01:03:50	Multiple Updates
2023-08-11 12:13:24	Multiple Updates
2023-08-11 01:03:59	Multiple Updates
2023-08-06 12:12:54	Multiple Updates
2023-08-06 01:03:53	Multiple Updates
2023-08-04 12:12:59	Multiple Updates
2023-08-04 01:03:53	Multiple Updates
2023-07-14 12:12:56	Multiple Updates
2023-07-14 01:03:51	Multiple Updates
2023-03-29 01:14:49	Multiple Updates
2023-03-28 12:03:57	Multiple Updates
2022-10-11 12:11:32	Multiple Updates
2022-10-11 01:03:38	Multiple Updates
2021-05-04 12:12:33	Multiple Updates
2021-04-22 01:13:20	Multiple Updates
2020-05-23 00:26:42	Multiple Updates
2018-01-05 09:23:05	Multiple Updates
2017-08-17 09:23:07	Multiple Updates
2016-04-26 20:09:54	Multiple Updates
2014-06-14 13:29:36	Multiple Updates
2014-02-17 10:58:06	Multiple Updates
2013-05-10 23:34:55	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	8
CPE ID(s)	59
Sources(s)	20
osvdb(s)	1
Openvas Exploit(s)	11
Nessus® Exploit(s)	26

	Related
8.5	USN-1397-1
8.5	GLSA-201201-02
6.5	RHSA-2010:0824
5	USN-1017-1
5	RHSA-2011:0164
5	RHSA-2010:0825
5	MDVSA-2010:223
5	MDVSA-2010:222
5	DSA-2143
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 9 more Alert(s)

4 - CVE-2010-3840

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU