CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score
Confidence: High

EPSS
Percentile: 53.6%

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | mysql | * | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
oracle | mysql | 5.1.51 | cpe:2.3:a:oracle:mysql:5.1.51:*:*:*:*:*:*:* |
oracle | mysql | 5.1.52 | cpe:2.3:a:oracle:mysql:5.1.52:*:*:*:*:*:*:* |
oracle | mysql | 5.1.52 | cpe:2.3:a:oracle:mysql:5.1.52:sp1:*:*:*:*:*:* |
oracle | mysql | 5.1.53 | cpe:2.3:a:oracle:mysql:5.1.53:*:*:*:*:*:*:* |
oracle | mysql | 5.1.54 | cpe:2.3:a:oracle:mysql:5.1.54:*:*:*:*:*:*:* |
oracle | mysql | 5.1.55 | cpe:2.3:a:oracle:mysql:5.1.55:*:*:*:*:*:*:* |
oracle | mysql | 5.1.56 | cpe:2.3:a:oracle:mysql:5.1.56:*:*:*:*:*:*:* |
oracle | mysql | 5.1.57 | cpe:2.3:a:oracle:mysql:5.1.57:*:*:*:*:*:*:* |
oracle | mysql | 5.1.58 | cpe:2.3:a:oracle:mysql:5.1.58:*:*:*:*:*:*:* |
bugs.mysql.com/bug.php?id=66550
lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html
www.mandriva.com/security/advisories?name=MDVSA-2013:102
www.mandriva.com/security/advisories?name=MDVSA-2013:150
www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/
www.openwall.com/lists/oss-security/2012/09/11/4
www.securityfocus.com/bid/55498
bugzilla.redhat.com/show_bug.cgi?id=852144
mariadb.atlassian.net/browse/MDEV-382