PT-2012-6061 · Mariadb+3 · Mariadb+4

Huzaifa S. Sidhpurwala · Published 2012-12-03 · Updated 2022-08-29 · CVE-2012-5614

CVSS v2.0: 4.0 Medium
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Oracle MySQL versions 5.1.67 and earlier
Oracle MySQL versions 5.5.29 and earlier
MariaDB versions 5.5.28a and possibly other versions

Description

The issue allows remote authenticated users to cause a denial of service, resulting in a mysqld crash. This can be achieved via a SELECT command that includes an UpdateXML command containing XML with a large number of unique, nested elements.

Recommendations

For Oracle MySQL versions 5.1.67 and earlier, update to a version later than 5.1.67 to resolve the issue.
For Oracle MySQL versions 5.5.29 and earlier, update to a version later than 5.5.29 to resolve the issue.
For MariaDB versions 5.5.28a and possibly other versions, consider restricting access to the UpdateXML command as a temporary workaround until a patch is available.

Related Identifiers

CESA-2013_0772
CVE-2012-5614
RHSA-2013:0772
RHSA-2013_0772

Affected Products

Centos
Mariadb
Mariadb Server
Mysql Server
Red Hat