CVE-2007-2583 : Detail

CVE-2007-2583

0.51%V3
Network
2007-05-09
20h00 +00:00
2018-10-03
18h57 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE Other No informations.

Metrics

Metrics Score Severity CVSS Vector Source
V2 4 AV:N/AC:L/Au:S/C:N/I:N/A:P nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Exploit information

Exploit Database EDB-ID : 30020

Publication date : 2013-12-03 23h00 +00:00
Author : Neil Kettle
EDB Verified : Yes

source: https://www.securityfocus.com/bid/23911/info MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain specially crafted queries. An attacker can exploit this issue to crash the application, denying access to legitimate users. NOTE: An attacker must be able to execute arbitrary SELECT statements against the database to exploit this issue. This may be through legitimate means or by exploiting other latent SQL-injection vulnerabilities. Versions prior to MySQL 5.0.40 are vulnerable. SELECT id from example WHERE id IN(1, (SELECT IF(1=0,1,2/0)));

Products Mentioned

Configuraton 0

Oracle>>Mysql >> Version To (excluding) 5.0.40

Oracle>>Mysql >> Version From (including) 5.1 To (including) 5.1.17

Configuraton 0

Debian>>Debian_linux >> Version 3.1

Debian>>Debian_linux >> Version 4.0

Configuraton 0

Canonical>>Ubuntu_linux >> Version 6.06

Canonical>>Ubuntu_linux >> Version 6.10

Canonical>>Ubuntu_linux >> Version 7.04

References

http://www.vupen.com/english/advisories/2007/1731
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/27823
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/25196
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/25188
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/25389
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.trustix.org/errata/2007/0017/
Tags : vendor-advisory, x_refsource_TRUSTIX
http://security.gentoo.org/glsa/glsa-200705-11.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://bugs.mysql.com/bug.php?id=27513
Tags : x_refsource_CONFIRM
http://www.exploit-db.com/exploits/30020
Tags : exploit, x_refsource_EXPLOIT-DB
http://secunia.com/advisories/25946
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/23911
Tags : vdb-entry, x_refsource_BID
http://www.debian.org/security/2007/dsa-1413
Tags : vendor-advisory, x_refsource_DEBIAN
http://lists.mysql.com/commits/23685
Tags : x_refsource_CONFIRM
https://usn.ubuntu.com/528-1/
Tags : vendor-advisory, x_refsource_UBUNTU
http://www.mandriva.com/security/advisories?name=MDKSA-2007:139
Tags : vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/30351
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27155
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.osvdb.org/34734
Tags : vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/25255
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28838
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0364.html
Tags : vendor-advisory, x_refsource_REDHAT