CVE-2010-3833

Published: 05 November 2010

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."

Priority

Medium

Status

Package Release Status
mysql-5.1
Launchpad, Ubuntu, Debian 		Upstream
Released (5.1.51)
mysql-cluster-7.0
Launchpad, Ubuntu, Debian 		Upstream Needs triage

mysql-dfsg-5.0
Launchpad, Ubuntu, Debian 		Upstream Needs triage

mysql-dfsg-5.1
Launchpad, Ubuntu, Debian 		Upstream
Released (5.1.51)
Patches:
Upstream: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3461.1.20

Notes

AuthorNote
jdstrand mysql-cluster-7.0 not supported per server team
mdeslaur can't reproduce on dapper, and code is different

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading