CVE-2013-1861
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
5.1 Medium
AI Score
Confidence
High
0.901 High
EPSS
Percentile
98.8%
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| mariadb:mariadb | mariadb | lt | 5.5.32 |
| mariadb:mariadb | mariadb | lt | 10.0.4 |
References
lists.askmonty.org/pipermail/commits/2013-March/004371.html
lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html
lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html
lists.opensuse.org/opensuse-updates/2013-08/msg00024.html
lists.opensuse.org/opensuse-updates/2013-09/msg00008.html
seclists.org/oss-sec/2013/q1/671
secunia.com/advisories/52639
secunia.com/advisories/54300
security.gentoo.org/glsa/glsa-201409-04.xml
www.debian.org/security/2013/dsa-2818
www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
www.osvdb.org/91415
www.securityfocus.com/bid/58511
www.ubuntu.com/usn/USN-1909-1
bugzilla.redhat.com/show_bug.cgi?id=919247
exchange.xforce.ibmcloud.com/vulnerabilities/82895
mariadb.atlassian.net/browse/MDEV-4252
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
5.1 Medium
AI Score
Confidence
High
0.901 High
EPSS
Percentile
98.8%