4

CVE-2007-2583

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleMysql Version < 5.0.40
OracleMysql Version >= 5.1 <= 5.1.17
DebianDebian Linux Version3.1
DebianDebian Linux Version4.0
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version6.10
CanonicalUbuntu Linux Version7.04
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.26% 0.867
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
http://bugs.mysql.com/bug.php?id=27513
Vendor Advisory
Issue Tracking
http://www.exploit-db.com/exploits/30020
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/23911
Third Party Advisory
Vendor Advisory
VDB Entry
https://usn.ubuntu.com/528-1/
Third Party Advisory