4

CVE-2010-3682

Exploit

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.

Data is provided by the National Vulnerability Database (NVD)
MysqlMysql Version <= 5.1.48
MysqlMysql Version5.1.23
MysqlMysql Version5.1.31
MysqlMysql Version5.1.32
MysqlMysql Version5.1.34
MysqlMysql Version5.1.37
OracleMysql Version5.1.1
OracleMysql Version5.1.2
OracleMysql Version5.1.3
OracleMysql Version5.1.4
OracleMysql Version5.1.10
OracleMysql Version5.1.11
OracleMysql Version5.1.12
OracleMysql Version5.1.13
OracleMysql Version5.1.14
OracleMysql Version5.1.15
OracleMysql Version5.1.16
OracleMysql Version5.1.17
OracleMysql Version5.1.18
OracleMysql Version5.1.19
OracleMysql Version5.1.20
OracleMysql Version5.1.21
OracleMysql Version5.1.22
OracleMysql Version5.1.23 Updatea
OracleMysql Version5.1.24
OracleMysql Version5.1.25
OracleMysql Version5.1.26
OracleMysql Version5.1.27
OracleMysql Version5.1.28
OracleMysql Version5.1.29
OracleMysql Version5.1.30
OracleMysql Version5.1.31 Updatesp1
OracleMysql Version5.1.33
OracleMysql Version5.1.34 Updatesp1
OracleMysql Version5.1.35
OracleMysql Version5.1.36
OracleMysql Version5.1.37 Updatesp1
OracleMysql Version5.1.38
OracleMysql Version5.1.39
OracleMysql Version5.1.40
OracleMysql Version5.1.40 Updatesp1
OracleMysql Version5.1.41
OracleMysql Version5.1.42
OracleMysql Version5.1.43
OracleMysql Version5.1.43 Updatesp1
OracleMysql Version5.1.44
OracleMysql Version5.1.45
OracleMysql Version5.1.46
OracleMysql Version5.1.46 Updatesp1
OracleMysql Version5.1.47
MysqlMysql Version <= 5.0.91
MysqlMysql Version5.0.0
MysqlMysql Version5.0.1
MysqlMysql Version5.0.2
MysqlMysql Version5.0.10
MysqlMysql Version5.0.15
MysqlMysql Version5.0.16
MysqlMysql Version5.0.17
MysqlMysql Version5.0.20
MysqlMysql Version5.0.24
MysqlMysql Version5.0.30
MysqlMysql Version5.0.36
MysqlMysql Version5.0.44
MysqlMysql Version5.0.54
MysqlMysql Version5.0.56
MysqlMysql Version5.0.60
MysqlMysql Version5.0.66
MysqlMysql Version5.0.72
MysqlMysql Version5.0.74
MysqlMysql Version5.0.82
MysqlMysql Version5.0.84
MysqlMysql Version5.0.87
OracleMysql Version5.0.28
OracleMysql Version5.0.30 Updatesp1
OracleMysql Version5.0.32
OracleMysql Version5.0.34
OracleMysql Version5.0.36 Updatesp1
OracleMysql Version5.0.38
OracleMysql Version5.0.40
OracleMysql Version5.0.41
OracleMysql Version5.0.42
OracleMysql Version5.0.44 Updatesp1
OracleMysql Version5.0.45
OracleMysql Version5.0.46
OracleMysql Version5.0.48
OracleMysql Version5.0.50
OracleMysql Version5.0.51 Updatea
OracleMysql Version5.0.51 Updateb
OracleMysql Version5.0.52
OracleMysql Version5.0.56 Updatesp1
OracleMysql Version5.0.58
OracleMysql Version5.0.62
OracleMysql Version5.0.64
OracleMysql Version5.0.66 Updatea
OracleMysql Version5.0.66 Updatesp1
OracleMysql Version5.0.67
OracleMysql Version5.0.68
OracleMysql Version5.0.70
OracleMysql Version5.0.72 Updatesp1
OracleMysql Version5.0.74 Updatesp1
OracleMysql Version5.0.75
OracleMysql Version5.0.76
OracleMysql Version5.0.77
OracleMysql Version5.0.78
OracleMysql Version5.0.79
OracleMysql Version5.0.80
OracleMysql Version5.0.81
OracleMysql Version5.0.82 Updatesp1
OracleMysql Version5.0.83
OracleMysql Version5.0.84 Updatesp1
OracleMysql Version5.0.85
OracleMysql Version5.0.86
OracleMysql Version5.0.87 Updatesp1
OracleMysql Version5.0.88
OracleMysql Version5.0.89
OracleMysql Version5.0.90
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2.06% 0.833
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P