MySQL 'Gis_line_string::init_from_wkb()' DOS Vulnerability Network Vulnerability

Summary

The host is running MySQL and is prone to denial of service vulnerability.

Impact

Successful exploitation could allow users to cause a denial of service and to execute arbitrary code. Impact Level: Application

Solution

Upgrade to MySQL version 5.1.51 For updates refer to http://dev.mysql.com/downloads

Insight

The flaw is due to an error in 'Gis_line_string::init_from_wkb()' function in 'sql/spatial.cc',allows remote authenticated users to cause a denial of service by calling the PolyFromWKB function with WKB data containing a crafted number of line strings or line points.

Affected

MySQL version 5.1 before 5.1.51

References

http://bugs.mysql.com/bug.php?id=54568
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
http://secunia.com/advisories/42875

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3840

CVSS	Base Score: 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P

Related Vulnerabilities

Oracle Database 'XML DB component' Unspecified vulnerability
IBM DB2 SYSIBMADM Multiple Vulnerabilities (Sep10)
Oracle MySQL Multiple Unspecified vulnerabilities-01 July14 (Windows)
IBM DB2 XML Feature DoS and CREATE VARIABLE Security Bypass Vulnerabilities
Oracle MySQL Server Multiple Vulnerabilities-03 Nov12 (Windows)

Take action and discover your vulnerabilities