CVE-2010-3678

Published: 05 November 2010

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.

Priority

Medium

Status

Package Release Status
mysql-5.1
Launchpad, Ubuntu, Debian
Upstream
Released (5.1.49)
mysql-cluster-7.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

mysql-dfsg-5.0
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

mysql-dfsg-5.1
Launchpad, Ubuntu, Debian
Upstream
Released (5.1.49)
Patches:
Upstream: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3437.1.1

Notes

AuthorNote
jdstrand
mysql-cluster-7.0 not supported per server team
mdeslaur
fixed in 5.1.49
reproducer: select  greatest((((1) in ((null),(-10),(0.5)))),(1));
doesn't apply to 5.0.x

References

Bugs