CVE-2012-4414 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:S/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 65%

Affected Products (NVD)

Vendor	Product	Version
oracle	mysql	𝑥 ≤ 5.5.28
oracle	mysql	5.1.51
oracle	mysql	5.1.52
oracle	mysql	5.1.52:sp1
oracle	mysql	5.1.53
oracle	mysql	5.1.54
oracle	mysql	5.1.55
oracle	mysql	5.1.56
oracle	mysql	5.1.57
oracle	mysql	5.1.58
oracle	mysql	5.1.59
oracle	mysql	5.1.60
oracle	mysql	5.1.61
oracle	mysql	5.1.62
oracle	mysql	5.1.63
oracle	mysql	5.1.64
oracle	mysql	5.1.65
oracle	mysql	5.1.66
oracle	mysql	5.1.67
oracle	mysql	5.5.10
oracle	mysql	5.5.11
oracle	mysql	5.5.12
oracle	mysql	5.5.13
oracle	mysql	5.5.14
oracle	mysql	5.5.15
oracle	mysql	5.5.16
oracle	mysql	5.5.17
oracle	mysql	5.5.18
oracle	mysql	5.5.19
oracle	mysql	5.5.20
oracle	mysql	5.5.21
oracle	mysql	5.5.22
oracle	mysql	5.5.23
oracle	mysql	5.5.24
oracle	mysql	5.5.25
oracle	mysql	5.5.25:a
oracle	mysql	5.5.26
oracle	mysql	5.5.27
mariadb	mariadb	5.1.41
mariadb	mariadb	5.1.42
mariadb	mariadb	5.1.44
mariadb	mariadb	5.1.47
mariadb	mariadb	5.1.49
mariadb	mariadb	5.1.50
mariadb	mariadb	5.1.51
mariadb	mariadb	5.1.53
mariadb	mariadb	5.1.55
mariadb	mariadb	5.1.60
mariadb	mariadb	5.1.61
mariadb	mariadb	5.1.62
mariadb	mariadb	5.2.0
mariadb	mariadb	5.2.1
mariadb	mariadb	5.2.2
mariadb	mariadb	5.2.3
mariadb	mariadb	5.2.4
mariadb	mariadb	5.2.5
mariadb	mariadb	5.2.6
mariadb	mariadb	5.2.7
mariadb	mariadb	5.2.8
mariadb	mariadb	5.2.9
mariadb	mariadb	5.2.10
mariadb	mariadb	5.2.11
mariadb	mariadb	5.2.12
mariadb	mariadb	5.3.0
mariadb	mariadb	5.3.1
mariadb	mariadb	5.3.2
mariadb	mariadb	5.3.3
mariadb	mariadb	5.3.4
mariadb	mariadb	5.3.5
mariadb	mariadb	5.3.6
mariadb	mariadb	5.3.7
mariadb	mariadb	5.5.20
mariadb	mariadb	5.5.21
mariadb	mariadb	5.5.22
mariadb	mariadb	5.5.23
mariadb	mariadb	5.5.24
mariadb	mariadb	5.5.25

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

mysql-5.1

hardy	dne
lucid	dne
natty	ignored
oneiric	Fixed 5.1.69-0ubuntu0.11.10.1 released
precise	dne
quantal	dne
raring	dne

mysql-5.5

hardy	dne
lucid	dne
natty	dne
oneiric	dne
precise	Fixed 5.5.31-0ubuntu0.12.04.1 released
quantal	Fixed 5.5.31-0ubuntu0.12.10.1 released
raring	Fixed 5.5.31-0ubuntu0.13.04.1 released

mysql-cluster-7.0

hardy	dne
lucid	ignored
natty	ignored
oneiric	ignored
precise	dne
quantal	dne
raring	dne

mysql-dfsg-5.0

hardy	ignored
lucid	dne
natty	dne
oneiric	dne
precise	dne
quantal	dne
raring	dne

mysql-dfsg-5.1

hardy	dne
lucid	Fixed 5.1.69-0ubuntu0.10.04.1 released
natty	dne
oneiric	dne
precise	dne
quantal	dne
raring	dne

openSUSE / SLES Releases

openSUSE Product

Release

libmariadbd104-devel

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

libmariadbd19

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

libmysqld-devel

suse enterprise sap 15	10.2.15-1.3 fixed
suse enterprise sap 15 SP1	10.2.22-3.14.1 fixed
suse enterprise server 15	10.2.15-1.3 fixed
suse enterprise server 15 SP1	10.2.22-3.14.1 fixed

libmysqld19

suse enterprise sap 15	10.2.15-1.3 fixed
suse enterprise sap 15 SP1	10.2.22-3.14.1 fixed
suse enterprise server 15	10.2.15-1.3 fixed
suse enterprise server 15 SP1	10.2.22-3.14.1 fixed

mariadb

suse enterprise sap 15	10.2.15-1.3 fixed
suse enterprise sap 15 SP1	10.2.22-3.14.1 fixed
suse enterprise server 15	10.2.15-1.3 fixed
suse enterprise server 15 SP1	10.2.22-3.14.1 fixed

mariadb-client

suse enterprise sap 15	10.2.15-1.3 fixed
suse enterprise sap 15 SP1	10.2.22-3.14.1 fixed
suse enterprise server 15	10.2.15-1.3 fixed
suse enterprise server 15 SP1	10.2.22-3.14.1 fixed

mariadb-errormessages

suse enterprise sap 15	10.2.15-1.3 fixed
suse enterprise sap 15 SP1	10.2.22-3.14.1 fixed
suse enterprise server 15	10.2.15-1.3 fixed
suse enterprise server 15 SP1	10.2.22-3.14.1 fixed

mariadb-tools

suse enterprise sap 15	10.2.15-1.3 fixed
suse enterprise sap 15 SP1	10.2.22-3.14.1 fixed
suse enterprise server 15	10.2.15-1.3 fixed
suse enterprise server 15 SP1	10.2.22-3.14.1 fixed

mariadb104

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

mariadb104-bench

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

mariadb104-client

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

mariadb104-errormessages

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

mariadb104-galera

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

mariadb104-rpm-macros

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

mariadb104-test

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

mariadb104-tools

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

python3-mysqlclient

suse enterprise server 15 SP1

1.4.6-150100.3.3.7

fixed

Common Weakness Enumeration

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

http://bugs.mysql.com/bug.php?id=66550

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html

http://www.mandriva.com/security/advisories?name=MDVSA-2013:102

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/

http://www.openwall.com/lists/oss-security/2012/09/11/4

http://www.securityfocus.com/bid/55498

https://bugzilla.redhat.com/show_bug.cgi?id=852144

https://mariadb.atlassian.net/browse/MDEV-382

http://bugs.mysql.com/bug.php?id=66550

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html

http://www.mandriva.com/security/advisories?name=MDVSA-2013:102

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/

http://www.openwall.com/lists/oss-security/2012/09/11/4

http://www.securityfocus.com/bid/55498

https://bugzilla.redhat.com/show_bug.cgi?id=852144

https://mariadb.atlassian.net/browse/MDEV-382