CVE-2009-4019

EUVD-2009-3990
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
mysqlmysql
5.0.0
mysqlmysql
5.0.1
mysqlmysql
5.0.2
mysqlmysql
5.0.3
mysqlmysql
5.0.4
mysqlmysql
5.0.5
mysqlmysql
5.0.5.0.21
mysqlmysql
5.0.10
mysqlmysql
5.0.15
mysqlmysql
5.0.16
mysqlmysql
5.0.17
mysqlmysql
5.0.20
mysqlmysql
5.0.22.1.0.1
mysqlmysql
5.0.24
mysqlmysql
5.0.30
mysqlmysql
5.0.36
mysqlmysql
5.0.44
mysqlmysql
5.0.54
mysqlmysql
5.0.56
mysqlmysql
5.0.60
mysqlmysql
5.0.66
mysqlmysql
5.0.82
mysqlmysql
5.1.5
mysqlmysql
5.1.23
mysqlmysql
5.1.32
oraclemysql
5.0.0:alpha
oraclemysql
5.0.3:beta
oraclemysql
5.0.6
oraclemysql
5.0.7
oraclemysql
5.0.8
oraclemysql
5.0.11
oraclemysql
5.0.12
oraclemysql
5.0.13
oraclemysql
5.0.14
oraclemysql
5.0.18
oraclemysql
5.0.19
oraclemysql
5.0.21
oraclemysql
5.0.22
oraclemysql
5.0.23
oraclemysql
5.0.25
oraclemysql
5.0.26
oraclemysql
5.0.27
oraclemysql
5.0.30:sp1
oraclemysql
5.0.32
oraclemysql
5.0.33
oraclemysql
5.0.37
oraclemysql
5.0.38
oraclemysql
5.0.41
oraclemysql
5.0.42
oraclemysql
5.0.45
oraclemysql
5.0.50
oraclemysql
5.0.51
oraclemysql
5.0.51a:a
oraclemysql
5.0.52
oraclemysql
5.0.75
oraclemysql
5.0.77
oraclemysql
5.0.81
oraclemysql
5.0.83
oraclemysql
5.1
oraclemysql
5.1.1
oraclemysql
5.1.2
oraclemysql
5.1.3
oraclemysql
5.1.4
oraclemysql
5.1.6
oraclemysql
5.1.7
oraclemysql
5.1.8
oraclemysql
5.1.9
oraclemysql
5.1.10
oraclemysql
5.1.11
oraclemysql
5.1.12
oraclemysql
5.1.13
oraclemysql
5.1.14
oraclemysql
5.1.15
oraclemysql
5.1.16
oraclemysql
5.1.17
oraclemysql
5.1.18
oraclemysql
5.1.19
oraclemysql
5.1.20
oraclemysql
5.1.21
oraclemysql
5.1.22
oraclemysql
5.1.30
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mysql-5.1
dapper
dne
hardy
dne
jaunty
dne
karmic
dne
lucid
dne
maverick
not-affected
natty
not-affected
mysql-dfsg
dapper
ignored
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
lucid
dne
maverick
dne
natty
dne
mysql-dfsg-4.1
dapper
ignored
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
lucid
dne
maverick
dne
natty
dne
mysql-dfsg-5.0
dapper
Fixed 5.0.22-0ubuntu6.06.12
released
hardy
Fixed 5.0.51a-3ubuntu5.5
released
intrepid
Fixed 5.0.67-0ubuntu6.1
released
jaunty
Fixed 5.1.30really5.0.75-0ubuntu10.3
released
karmic
ignored
lucid
dne
maverick
dne
natty
dne
mysql-dfsg-5.1
dapper
dne
hardy
dne
intrepid
dne
jaunty
ignored
karmic
Fixed 5.1.37-1ubuntu5.1
released
lucid
not-affected
maverick
dne
natty
dne
References
http://bugs.mysql.com/47780
http://bugs.mysql.com/48291
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://marc.info/?l=oss-security&m=125881733826437&w=2
http://marc.info/?l=oss-security&m=125883754215621&w=2
http://marc.info/?l=oss-security&m=125901161824278&w=2
http://secunia.com/advisories/37717
http://secunia.com/advisories/38517
http://secunia.com/advisories/38573
http://support.apple.com/kb/HT4077
http://ubuntu.com/usn/usn-897-1
http://www.debian.org/security/2010/dsa-1997
http://www.redhat.com/support/errata/RHSA-2010-0109.html
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2010/1107
https://bugzilla.redhat.com/show_bug.cgi?id=540906
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html
http://bugs.mysql.com/47780
http://bugs.mysql.com/48291
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://marc.info/?l=oss-security&m=125881733826437&w=2
http://marc.info/?l=oss-security&m=125883754215621&w=2
http://marc.info/?l=oss-security&m=125901161824278&w=2
http://secunia.com/advisories/37717
http://secunia.com/advisories/38517
http://secunia.com/advisories/38573
http://support.apple.com/kb/HT4077
http://ubuntu.com/usn/usn-897-1
http://www.debian.org/security/2010/dsa-1997
http://www.redhat.com/support/errata/RHSA-2010-0109.html
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2010/1107
https://bugzilla.redhat.com/show_bug.cgi?id=540906
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html