CVE-2010-3838

Published: 05 November 2010

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."

Priority

Medium

Status

Package Release Status
mysql-5.1
Launchpad, Ubuntu, Debian
Upstream
Released (5.1.51)
mysql-cluster-7.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

mysql-dfsg-5.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

mysql-dfsg-5.1
Launchpad, Ubuntu, Debian
Upstream
Released (5.1.51)
Patches:
Upstream: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3461.1.8