CVE-2009-0819

sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
mysqlmysql
𝑥
≤ 5.1.32-bzr
mysqlmysql
5.1.23
mysqlmysql
5.1.31
mysqlmysql
6.0.9
mysqlmysql
6.0.10-bzr
oraclemysql
5.1
oraclemysql
5.1.1
oraclemysql
5.1.2
oraclemysql
5.1.3
oraclemysql
5.1.10
oraclemysql
5.1.11
oraclemysql
5.1.12
oraclemysql
5.1.13
oraclemysql
5.1.14
oraclemysql
5.1.15
oraclemysql
5.1.16
oraclemysql
5.1.17
oraclemysql
5.1.18
oraclemysql
5.1.19
oraclemysql
5.1.20
oraclemysql
5.1.21
oraclemysql
5.1.22
oraclemysql
5.1.23:a
oraclemysql
5.1.24
oraclemysql
5.1.25
oraclemysql
5.1.26
oraclemysql
5.1.27
oraclemysql
5.1.28
oraclemysql
5.1.29
oraclemysql
5.1.30
oraclemysql
5.1.31:sp1
oraclemysql
6.0.0
oraclemysql
6.0.1
oraclemysql
6.0.2
oraclemysql
6.0.3
oraclemysql
6.0.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mysql-5.1
maverick
not-affected
lucid
dne
karmic
dne
jaunty
dne
hardy
dne
dapper
dne
mysql-dfsg-5.0
maverick
dne
lucid
dne
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
ignored
dapper
not-affected
mysql-dfsg-5.1
maverick
dne
lucid
not-affected
karmic
not-affected
jaunty
ignored
intrepid
dne
hardy
dne
dapper
dne
References
http://bugs.mysql.com/bug.php?id=42495
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html
http://secunia.com/advisories/34115
http://www.securityfocus.com/bid/33972
http://www.securitytracker.com/id?1021786
http://www.vupen.com/english/advisories/2009/0594
https://exchange.xforce.ibmcloud.com/vulnerabilities/49050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7544
http://bugs.mysql.com/bug.php?id=42495
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html
http://secunia.com/advisories/34115
http://www.securityfocus.com/bid/33972
http://www.securitytracker.com/id?1021786
http://www.vupen.com/english/advisories/2009/0594
https://exchange.xforce.ibmcloud.com/vulnerabilities/49050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7544