← back
CVE-2009-4019

CVE-2009-4019

EPSS 16.3%
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
Affected products
n/a · n/a
public PoCs found2
exploitdbwww.exploit-db.com/exploits/33398unverifiedexploitdbwww.exploit-db.com/exploits/33397unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bugs.mysql.com/47780http://bugs.mysql.com/48291http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.htmlhttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.htmlhttp://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.htmlhttp://marc.info/?l=oss-security&m=125881733826437&w=2http://marc.info/?l=oss-security&m=125883754215621&w=2http://marc.info/?l=oss-security&m=125901161824278&w=2https://bugzilla.redhat.com/show_bug.cgi?id=540906http://secunia.com/advisories/37717http://secunia.com/advisories/38517