CVE-2010-3678

EUVD-2010-3662
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
mysqlmysql
5.1.5
mysqlmysql
5.1.23
mysqlmysql
5.1.31
mysqlmysql
5.1.32
mysqlmysql
5.1.34
mysqlmysql
5.1.37
oraclemysql
5.1
oraclemysql
5.1.1
oraclemysql
5.1.2
oraclemysql
5.1.3
oraclemysql
5.1.4
oraclemysql
5.1.6
oraclemysql
5.1.7
oraclemysql
5.1.8
oraclemysql
5.1.9
oraclemysql
5.1.10
oraclemysql
5.1.11
oraclemysql
5.1.12
oraclemysql
5.1.13
oraclemysql
5.1.14
oraclemysql
5.1.15
oraclemysql
5.1.16
oraclemysql
5.1.17
oraclemysql
5.1.18
oraclemysql
5.1.19
oraclemysql
5.1.20
oraclemysql
5.1.21
oraclemysql
5.1.22
oraclemysql
5.1.23:a
oraclemysql
5.1.24
oraclemysql
5.1.25
oraclemysql
5.1.26
oraclemysql
5.1.27
oraclemysql
5.1.28
oraclemysql
5.1.29
oraclemysql
5.1.30
oraclemysql
5.1.31:sp1
oraclemysql
5.1.33
oraclemysql
5.1.34:sp1
oraclemysql
5.1.35
oraclemysql
5.1.36
oraclemysql
5.1.37:sp1
oraclemysql
5.1.38
oraclemysql
5.1.39
oraclemysql
5.1.40
oraclemysql
5.1.40:sp1
oraclemysql
5.1.41
oraclemysql
5.1.42
oraclemysql
5.1.43
oraclemysql
5.1.43:sp1
oraclemysql
5.1.44
oraclemysql
5.1.45
oraclemysql
5.1.46
oraclemysql
5.1.46:sp1
oraclemysql
5.1.47
oraclemysql
5.1.48
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mysql-5.1
dapper
dne
hardy
dne
karmic
dne
lucid
dne
maverick
not-affected
natty
not-affected
oneiric
not-affected
mysql-cluster-7.0
dapper
dne
hardy
dne
karmic
dne
lucid
ignored
maverick
ignored
natty
ignored
oneiric
ignored
mysql-dfsg-5.0
dapper
not-affected
hardy
not-affected
karmic
not-affected
lucid
dne
maverick
dne
natty
dne
oneiric
dne
mysql-dfsg-5.1
dapper
dne
hardy
dne
karmic
Fixed 5.1.37-1ubuntu5.5
released
lucid
Fixed 5.1.41-3ubuntu12.7
released
maverick
dne
natty
dne
oneiric
dne
Common Weakness Enumeration
References
http://bugs.mysql.com/bug.php?id=54477
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://secunia.com/advisories/42936
http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
http://www.openwall.com/lists/oss-security/2010/09/28/10
http://www.redhat.com/support/errata/RHSA-2011-0164.html
http://www.securityfocus.com/bid/42596
http://www.ubuntu.com/usn/USN-1017-1
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2011/0133
http://www.vupen.com/english/advisories/2011/0170
https://bugzilla.redhat.com/show_bug.cgi?id=628172
http://bugs.mysql.com/bug.php?id=54477
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://secunia.com/advisories/42936
http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
http://www.openwall.com/lists/oss-security/2010/09/28/10
http://www.redhat.com/support/errata/RHSA-2011-0164.html
http://www.securityfocus.com/bid/42596
http://www.ubuntu.com/usn/USN-1017-1
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2011/0133
http://www.vupen.com/english/advisories/2011/0170
https://bugzilla.redhat.com/show_bug.cgi?id=628172