Vulnerability Details CVE-2010-3679
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.044
EPSS Ranking 88.6%
CVSS Severity
CVSS v2 Score 4.0
References
- http://bugs.mysql.com/bug.php?id=54393
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
- http://secunia.com/advisories/42936
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
- http://www.openwall.com/lists/oss-security/2010/09/28/10
- http://www.redhat.com/support/errata/RHSA-2011-0164.html
- http://www.securityfocus.com/bid/42638
- http://www.ubuntu.com/usn/USN-1017-1
- http://www.ubuntu.com/usn/USN-1397-1
- http://www.vupen.com/english/advisories/2011/0133
- http://www.vupen.com/english/advisories/2011/0170
- https://bugzilla.redhat.com/show_bug.cgi?id=628062
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64687
- http://bugs.mysql.com/bug.php?id=54393
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
- http://secunia.com/advisories/42936
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
- http://www.openwall.com/lists/oss-security/2010/09/28/10
- http://www.redhat.com/support/errata/RHSA-2011-0164.html
- http://www.securityfocus.com/bid/42638
- http://www.ubuntu.com/usn/USN-1017-1
- http://www.ubuntu.com/usn/USN-1397-1
- http://www.vupen.com/english/advisories/2011/0133
- http://www.vupen.com/english/advisories/2011/0170
- https://bugzilla.redhat.com/show_bug.cgi?id=628062
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64687
Products affected by CVE-2010-3679
-
cpe:2.3:a:mysql:mysql:5.1.23
-
cpe:2.3:a:mysql:mysql:5.1.31
-
cpe:2.3:a:mysql:mysql:5.1.32
-
cpe:2.3:a:mysql:mysql:5.1.34
-
cpe:2.3:a:mysql:mysql:5.1.37
-
cpe:2.3:a:mysql:mysql:5.1.5
-
cpe:2.3:a:oracle:mysql:5.1
-
cpe:2.3:a:oracle:mysql:5.1.1
-
cpe:2.3:a:oracle:mysql:5.1.10
-
cpe:2.3:a:oracle:mysql:5.1.11
-
cpe:2.3:a:oracle:mysql:5.1.12
-
cpe:2.3:a:oracle:mysql:5.1.13
-
cpe:2.3:a:oracle:mysql:5.1.14
-
cpe:2.3:a:oracle:mysql:5.1.15
-
cpe:2.3:a:oracle:mysql:5.1.16
-
cpe:2.3:a:oracle:mysql:5.1.17
-
cpe:2.3:a:oracle:mysql:5.1.18
-
cpe:2.3:a:oracle:mysql:5.1.19
-
cpe:2.3:a:oracle:mysql:5.1.2
-
cpe:2.3:a:oracle:mysql:5.1.20
-
cpe:2.3:a:oracle:mysql:5.1.21
-
cpe:2.3:a:oracle:mysql:5.1.22
-
cpe:2.3:a:oracle:mysql:5.1.23
-
cpe:2.3:a:oracle:mysql:5.1.24
-
cpe:2.3:a:oracle:mysql:5.1.25
-
cpe:2.3:a:oracle:mysql:5.1.26
-
cpe:2.3:a:oracle:mysql:5.1.27
-
cpe:2.3:a:oracle:mysql:5.1.28
-
cpe:2.3:a:oracle:mysql:5.1.29
-
cpe:2.3:a:oracle:mysql:5.1.3
-
cpe:2.3:a:oracle:mysql:5.1.30
-
cpe:2.3:a:oracle:mysql:5.1.31
-
cpe:2.3:a:oracle:mysql:5.1.33
-
cpe:2.3:a:oracle:mysql:5.1.34
-
cpe:2.3:a:oracle:mysql:5.1.35
-
cpe:2.3:a:oracle:mysql:5.1.36
-
cpe:2.3:a:oracle:mysql:5.1.37
-
cpe:2.3:a:oracle:mysql:5.1.38
-
cpe:2.3:a:oracle:mysql:5.1.39
-
cpe:2.3:a:oracle:mysql:5.1.4
-
cpe:2.3:a:oracle:mysql:5.1.40
-
cpe:2.3:a:oracle:mysql:5.1.41
-
cpe:2.3:a:oracle:mysql:5.1.42
-
cpe:2.3:a:oracle:mysql:5.1.43
-
cpe:2.3:a:oracle:mysql:5.1.44
-
cpe:2.3:a:oracle:mysql:5.1.45
-
cpe:2.3:a:oracle:mysql:5.1.46
-
cpe:2.3:a:oracle:mysql:5.1.47
-
cpe:2.3:a:oracle:mysql:5.1.48
-
cpe:2.3:a:oracle:mysql:5.1.6
-
cpe:2.3:a:oracle:mysql:5.1.7
-
cpe:2.3:a:oracle:mysql:5.1.8
-
cpe:2.3:a:oracle:mysql:5.1.9