CVE-2010-3683

Published: 05 November 2010

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.

Priority

Medium

Status

Package Release Status
mysql-5.1
Launchpad, Ubuntu, Debian
Upstream
Released (5.1.49)
mysql-cluster-7.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

mysql-dfsg-5.0
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

mysql-dfsg-5.1
Launchpad, Ubuntu, Debian
Upstream
Released (5.1.49)
Patches:
Upstream: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3351.51.1