CVE-2013-1861
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
28/03/2013
Last modified:
04/08/2022
Description
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* | 5.5.0 (including) | 5.5.32 (excluding) |
| cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* | 10.0.0 (including) | 10.0.4 (excluding) |
| cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* | 5.1.0 (including) | 5.1.69 (including) |
| cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* | 5.5.0 (including) | 5.5.31 (including) |
| cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* | 5.6.0 (including) | 5.6.11 (including) |
| cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* | 5.5.0 (including) | 5.5.32 (excluding) |
| cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* | 10.0.0 (including) | 10.0.4 (excluding) |
| cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.askmonty.org/pipermail/commits/2013-March/004371.html
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html
- http://seclists.org/oss-sec/2013/q1/671
- http://secunia.com/advisories/52639
- http://secunia.com/advisories/54300
- http://security.gentoo.org/glsa/glsa-201409-04.xml
- http://www.debian.org/security/2013/dsa-2818
- http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- http://www.osvdb.org/91415
- http://www.securityfocus.com/bid/58511
- http://www.ubuntu.com/usn/USN-1909-1
- https://bugzilla.redhat.com/show_bug.cgi?id=919247
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82895
- https://mariadb.atlassian.net/browse/MDEV-4252