Denial of Service Vulnerability in MySQL Database Server
CVE-2010-3837

Currently unrated

Key Information:

Vendor: Mysql
Status: Mysql
Vendor: CVE Published:; 14 January 2011

What is CVE-2010-3837?

MySQL versions 5.0 prior to 5.0.92, 5.1 prior to 5.1.51, and 5.5 prior to 5.5.6 are susceptible to a denial of service vulnerability. This issue arises when remote authenticated users execute prepared statements that utilize the GROUP_CONCAT function with the WITH ROLLUP modifier. Modifications to a copied object can modify the original object, potentially leading to a crash of the MySQL server as a result of a use-after-free error.

References

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html

x_refsource_CONFIRM

http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html

x_refsource_CONFIRM

http://www.ubuntu.com/usn/USN-1397-1

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability published
Jan 14, 2011
Vulnerability Reserved
Oct 7, 2010

Mysql

What is CVE-2010-3837?

References

Timeline