PRIOn knowledge basePRION:CVE-2013-1861Design/Logic Flaw
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 13.04 | |
| ubuntu_linux | eq | 12.10 | |
| ubuntu_linux | eq | 10.04 | |
| ubuntu_linux | eq | 12.04 | |
| debian_linux | eq | 7.0 | |
| mariadb | ge | 5.5.0 | |
| mariadb | lt | 5.5.32 | |
| mariadb | ge | 10.0.0 | |
| mariadb | lt | 10.0.4 | |
| mariadb | ge | 5.5.0 |
References
lists.askmonty.org/pipermail/commits/2013-March/004371.html
lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html
lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html
lists.opensuse.org/opensuse-updates/2013-08/msg00024.html
lists.opensuse.org/opensuse-updates/2013-09/msg00008.html
seclists.org/oss-sec/2013/q1/671
secunia.com/advisories/52639
secunia.com/advisories/54300
security.gentoo.org/glsa/glsa-201409-04.xml
www.debian.org/security/2013/dsa-2818
www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
www.osvdb.org/91415
www.securityfocus.com/bid/58511
www.ubuntu.com/usn/USN-1909-1
bugzilla.redhat.com/show_bug.cgi?id=919247
exchange.xforce.ibmcloud.com/vulnerabilities/82895
mariadb.atlassian.net/browse/MDEV-4252
Related
