5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.901 High
EPSS
Percentile
98.8%
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and
5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and
earlier, and 5.6.11 and earlier allows remote attackers to cause a denial
of service (crash) via a crafted geometry feature that specifies a large
number of points, which is not properly handled when processing the binary
representation of this feature, related to a numeric calculation error.
Author | Note |
---|---|
mdeslaur | Fixed in 5.1.70, 5.5.32, 5.6.12 |
seth-arnold | Not actually fixed in 1807-1 â my mistake |
lists.askmonty.org/pipermail/commits/2013-March/004371.html
www.openwall.com/lists/oss-security/2013/03/15
www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
launchpad.net/bugs/cve/CVE-2013-1861
nvd.nist.gov/vuln/detail/CVE-2013-1861
security-tracker.debian.org/tracker/CVE-2013-1861
ubuntu.com/security/notices/USN-1909-1
www.cve.org/CVERecord?id=CVE-2013-1861