CVE-2013-1861

EUVD-2013-1864
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
mariadbmariadb
5.5.0 ≤
𝑥
< 5.5.32
mariadbmariadb
10.0.0 ≤
𝑥
< 10.0.4
oraclemysql
5.1.0 ≤
𝑥
≤ 5.1.69
oraclemysql
5.5.0 ≤
𝑥
≤ 5.5.31
oraclemysql
5.6.0 ≤
𝑥
≤ 5.6.11
redhatenterprise_linux
6.0
mariadbmariadb
5.5.0 ≤
𝑥
< 5.5.32
mariadbmariadb
10.0.0 ≤
𝑥
< 10.0.4
debiandebian_linux
7.0
canonicalubuntu_linux
10.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
canonicalubuntu_linux
13.04
opensuseopensuse
11.4
opensuseopensuse
12.2
opensuseopensuse
12.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mysql-5.5
hardy
dne
lucid
dne
oneiric
dne
precise
Fixed 5.5.32-0ubuntu0.12.04.1
released
quantal
Fixed 5.5.32-0ubuntu0.12.10.1
released
raring
Fixed 5.5.32-0ubuntu0.13.04.1
released
mysql-dfsg-5.1
hardy
dne
lucid
Fixed 5.1.70-0ubuntu0.10.04.1
released
oneiric
dne
precise
dne
quantal
dne
raring
dne
Common Weakness Enumeration
References
http://lists.askmonty.org/pipermail/commits/2013-March/004371.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html
http://seclists.org/oss-sec/2013/q1/671
http://secunia.com/advisories/52639
http://secunia.com/advisories/54300
http://security.gentoo.org/glsa/glsa-201409-04.xml
http://www.debian.org/security/2013/dsa-2818
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
http://www.osvdb.org/91415
http://www.securityfocus.com/bid/58511
http://www.ubuntu.com/usn/USN-1909-1
https://bugzilla.redhat.com/show_bug.cgi?id=919247
https://exchange.xforce.ibmcloud.com/vulnerabilities/82895
https://mariadb.atlassian.net/browse/MDEV-4252
http://lists.askmonty.org/pipermail/commits/2013-March/004371.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html
http://seclists.org/oss-sec/2013/q1/671
http://secunia.com/advisories/52639
http://secunia.com/advisories/54300
http://security.gentoo.org/glsa/glsa-201409-04.xml
http://www.debian.org/security/2013/dsa-2818
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
http://www.osvdb.org/91415
http://www.securityfocus.com/bid/58511
http://www.ubuntu.com/usn/USN-1909-1
https://bugzilla.redhat.com/show_bug.cgi?id=919247
https://exchange.xforce.ibmcloud.com/vulnerabilities/82895
https://mariadb.atlassian.net/browse/MDEV-4252