Back to search
CVE-2012-5614
Published: Dec 3, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1027829
vdb-entry
x_refsource_SECTRACK
53372
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
mailing-list
x_refsource_MLIST
GLSA-201308-06
vendor-advisory
x_refsource_GENTOO
[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
mailing-list
x_refsource_MLIST
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
x_refsource_CONFIRM
RHSA-2013:0772
vendor-advisory
x_refsource_REDHAT
20121201 MySQL Denial of Service Zeroday PoC
mailing-list
x_refsource_FULLDISC
https://bugzilla.redhat.com/show_bug.cgi?id=882607
x_refsource_MISC
https://mariadb.atlassian.net/browse/MDEV-3910
x_refsource_MISC
MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now