CVE-2013-1861

high

Description

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/82895

https://bugzilla.redhat.com/show_bug.cgi?id=919247

http://www.ubuntu.com/usn/USN-1909-1

http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

http://www.debian.org/security/2013/dsa-2818

http://security.gentoo.org/glsa/glsa-201409-04.xml

http://secunia.com/advisories/54300

http://secunia.com/advisories/52639

http://seclists.org/oss-sec/2013/q1/671

http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html

http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html

http://lists.askmonty.org/pipermail/commits/2013-March/004371.html

Details

Source: Mitre, NVD

Published: 2013-03-28

Updated: 2022-08-04

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High