Red Hat Customer Portal

CVE-2012-5614

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allow remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.

Details Source

Mitre

Public Date

2012-12-01 00:00:00

Impact

Low

Bugzilla

CVE-2012-5614 mysql: COM_BINLOG_DUMP crash on invalid data

Bugzilla ID

882607

CVSS Status

verified

Base Score

4.00

Base Metrics

AV:N/AC:L/Au:S/C:N/I:N/A:P

External References

http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat Enterprise Linux 6 (mysql) | RHSA-2013:0772 | 2013-04-25 |

Affected Packages State

| Platform | Package | State |
| --- | --- | --- |
| Red Hat Enterprise Linux 5 | mysql | Not affected |