4

CVE-2009-0819

Exploit
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MysqlMysql Version <= 5.1.32-bzr
MysqlMysql Version5.1.23
MysqlMysql Version5.1.31
MysqlMysql Version6.0.9
MysqlMysql Version6.0.10-bzr
OracleMysql Version5.1
OracleMysql Version5.1.1
OracleMysql Version5.1.2
OracleMysql Version5.1.3
OracleMysql Version5.1.10
OracleMysql Version5.1.11
OracleMysql Version5.1.12
OracleMysql Version5.1.13
OracleMysql Version5.1.14
OracleMysql Version5.1.15
OracleMysql Version5.1.16
OracleMysql Version5.1.17
OracleMysql Version5.1.18
OracleMysql Version5.1.19
OracleMysql Version5.1.20
OracleMysql Version5.1.21
OracleMysql Version5.1.22
OracleMysql Version5.1.23 Updatea
OracleMysql Version5.1.24
OracleMysql Version5.1.25
OracleMysql Version5.1.26
OracleMysql Version5.1.27
OracleMysql Version5.1.28
OracleMysql Version5.1.29
OracleMysql Version5.1.30
OracleMysql Version5.1.31 Updatesp1
OracleMysql Version6.0.0
OracleMysql Version6.0.1
OracleMysql Version6.0.2
OracleMysql Version6.0.3
OracleMysql Version6.0.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.18% 0.951
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://bugs.mysql.com/bug.php?id=42495
Patch
Vendor Advisory
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html
Vendor Advisory
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html
http://secunia.com/advisories/34115
Vendor Advisory
http://www.securityfocus.com/bid/33972
Exploit
http://www.securitytracker.com/id?1021786
http://www.vupen.com/english/advisories/2009/0594
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7544