CVE-2013-1861

2013-03-2800:00:00

ubuntu.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.901 High

EPSS

Percentile

98.8%

JSON

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and
5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and
earlier, and 5.6.11 and earlier allows remote attackers to cause a denial
of service (crash) via a crafted geometry feature that specifies a large
number of points, which is not properly handled when processing the binary
representation of this feature, related to a numeric calculation error.

Bugs

Notes

Author	Note
mdeslaur	Fixed in 5.1.70, 5.5.32, 5.6.12
seth-arnold	Not actually fixed in 1807-1 – my mistake

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchmysql-5.5< 5.5.32-0ubuntu0.12.04.1UNKNOWN
ubuntu12.10noarchmysql-5.5< 5.5.32-0ubuntu0.12.10.1UNKNOWN
ubuntu13.04noarchmysql-5.5< 5.5.32-0ubuntu0.13.04.1UNKNOWN
ubuntu10.04noarchmysql-dfsg-5.1< 5.1.70-0ubuntu0.10.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	mysql-5.5	< 5.5.32-0ubuntu0.12.04.1	UNKNOWN
ubuntu	12.10	noarch	mysql-5.5	< 5.5.32-0ubuntu0.12.10.1	UNKNOWN
ubuntu	13.04	noarch	mysql-5.5	< 5.5.32-0ubuntu0.13.04.1	UNKNOWN
ubuntu	10.04	noarch	mysql-dfsg-5.1	< 5.1.70-0ubuntu0.10.04.1	UNKNOWN