CVE-2012-5614
03.12.2012, 12:49
Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| oracle | mysql | 5.1.0 ≤ 𝑥 ≤ 5.1.67 |
| oracle | mysql | 5.5.0 ≤ 𝑥 ≤ 5.5.29 |
| mariadb | mariadb | 5.5.0 ≤ 𝑥 < 5.5.30 |
| mariadb | mariadb | 10.0.0 ≤ 𝑥 < 10.0.2 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_eus | 6.4 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server_aus | 6.4 |
| redhat | enterprise_linux_workstation | 6.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Red Hat Enterprise Linux Releases
Red Hat Product | |||
|---|---|---|---|
| mysql |
| ||
| mysql-bench |
| ||
| mysql-devel |
| ||
| mysql-embedded |
| ||
| mysql-embedded-devel |
| ||
| mysql-libs |
| ||
| mysql-server |
| ||
| mysql-test |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| mysql51 |
| ||
| mysql51-bench |
| ||
| mysql51-common |
| ||
| mysql51-debuginfo |
| ||
| mysql51-devel |
| ||
| mysql51-embedded |
| ||
| mysql51-embedded-devel |
| ||
| mysql51-libs |
| ||
| mysql51-server |
| ||
| mysql51-test |
| ||
| mysql55 |
| ||
| mysql55-bench |
| ||
| mysql55-common |
| ||
| mysql55-debuginfo |
| ||
| mysql55-devel |
| ||
| mysql55-embedded |
| ||
| mysql55-embedded-devel |
| ||
| mysql55-libs |
| ||
| mysql55-server |
| ||
| mysql55-test |
|
References