PT-2012-5385 · Mariadb+2 · Mariadb+3

Jan Lieskovsky

Published

2012-11-29

Updated

2024-06-15

CVE-2012-4414

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Oracle MySQL versions prior to 5.5.29 MariaDB versions 5.1.x through 5.1.62 MariaDB versions 5.2.x through 5.2.12 MariaDB versions 5.3.x through 5.3.7 MariaDB versions 5.5.x through 5.5.25

Description Multiple SQL injection vulnerabilities in the replication code allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log.

Recommendations For Oracle MySQL versions prior to 5.5.29, update to version 5.5.29 or later. For MariaDB versions 5.1.x through 5.1.62, update to a version later than 5.1.62. For MariaDB versions 5.2.x through 5.2.12, update to a version later than 5.2.12. For MariaDB versions 5.3.x through 5.3.7, update to a version later than 5.3.7. For MariaDB versions 5.5.x through 5.5.25, update to a version later than 5.5.25.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2012-4414

OPENSUSE-SU-2013_0011-1

OPENSUSE-SU-2013_0014-1

OPENSUSE-SU-2013_0135-1

OPENSUSE-SU-2013_0156-1

OPENSUSE-SU-2024:10153-1

SUSE-RU-2023:3956-1

SUSE-RU-2023:4991-1

Affected Products

Mariadb

Mariadb Server

Mysql Server

Suse

PT-2012-5385 · Mariadb+2 · Mariadb+3

CVE-2012-4414

Weakness Enumeration

Related Identifiers

Affected Products

References · 462