CVE-2013-1861

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
mariadbmariadb
5.5.0 ≤
𝑥
< 5.5.32
mariadbmariadb
10.0.0 ≤
𝑥
< 10.0.4
oraclemysql
5.1.0 ≤
𝑥
≤ 5.1.69
oraclemysql
5.5.0 ≤
𝑥
≤ 5.5.31
oraclemysql
5.6.0 ≤
𝑥
≤ 5.6.11
redhatenterprise_linux
6.0
mariadbmariadb
5.5.0 ≤
𝑥
< 5.5.32
mariadbmariadb
10.0.0 ≤
𝑥
< 10.0.4
debiandebian_linux
7.0
canonicalubuntu_linux
10.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
canonicalubuntu_linux
13.04
opensuseopensuse
11.4
opensuseopensuse
12.2
opensuseopensuse
12.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mysql-5.5
hardy
dne
lucid
dne
oneiric
dne
precise
Fixed 5.5.32-0ubuntu0.12.04.1
released
quantal
Fixed 5.5.32-0ubuntu0.12.10.1
released
raring
Fixed 5.5.32-0ubuntu0.13.04.1
released
mysql-dfsg-5.1
hardy
dne
lucid
Fixed 5.1.70-0ubuntu0.10.04.1
released
oneiric
dne
precise
dne
quantal
dne
raring
dne
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
mysql
RHEL 6
0:5.1.71-1.el6
fixed
mysql-bench
RHEL 6
0:5.1.71-1.el6
fixed
mysql-devel
RHEL 6
0:5.1.71-1.el6
fixed
mysql-embedded
RHEL 6
0:5.1.71-1.el6
fixed
mysql-embedded-devel
RHEL 6
0:5.1.71-1.el6
fixed
mysql-libs
RHEL 6
0:5.1.71-1.el6
fixed
mysql-server
RHEL 6
0:5.1.71-1.el6
fixed
mysql-test
RHEL 6
0:5.1.71-1.el6
fixed
Common Weakness Enumeration
References
http://lists.askmonty.org/pipermail/commits/2013-March/004371.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html
http://seclists.org/oss-sec/2013/q1/671
http://secunia.com/advisories/52639
http://secunia.com/advisories/54300
http://security.gentoo.org/glsa/glsa-201409-04.xml
http://www.debian.org/security/2013/dsa-2818
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
http://www.osvdb.org/91415
http://www.securityfocus.com/bid/58511
http://www.ubuntu.com/usn/USN-1909-1
https://bugzilla.redhat.com/show_bug.cgi?id=919247
https://exchange.xforce.ibmcloud.com/vulnerabilities/82895
https://mariadb.atlassian.net/browse/MDEV-4252
http://lists.askmonty.org/pipermail/commits/2013-March/004371.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html
http://seclists.org/oss-sec/2013/q1/671
http://secunia.com/advisories/52639
http://secunia.com/advisories/54300
http://security.gentoo.org/glsa/glsa-201409-04.xml
http://www.debian.org/security/2013/dsa-2818
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
http://www.osvdb.org/91415
http://www.securityfocus.com/bid/58511
http://www.ubuntu.com/usn/USN-1909-1
https://bugzilla.redhat.com/show_bug.cgi?id=919247
https://exchange.xforce.ibmcloud.com/vulnerabilities/82895
https://mariadb.atlassian.net/browse/MDEV-4252