What is the severity of REDHAT-BUG-628328?

The severity of REDHAT-BUG-628328 is critical due to its potential to cause a denial of service by crashing the MySQL daemon.

How do I fix REDHAT-BUG-628328?

To fix REDHAT-BUG-628328, upgrade MySQL to version 5.1.49 or later.

What systems are affected by REDHAT-BUG-628328?

REDHAT-BUG-628328 affects MySQL versions prior to 5.1.49.

What specific functionality is vulnerable in REDHAT-BUG-628328?

The vulnerability in REDHAT-BUG-628328 lies in the handling of EXPLAIN statements for certain SQL queries that utilize UNION and ORDER BY constructs.

Who can exploit REDHAT-BUG-628328?

A remote authenticated MySQL user could exploit REDHAT-BUG-628328 to trigger the denial of service.

Vulnerability/
REDHAT-BUG-628328

medium

29/8/2010

26/3/2021

REDHAT-BUG-628328

First published: Sun Aug 29 2010(Updated: )

A denial of service flaw was found in the way MySQL processed EXPLAIN statements for SQL queries of the form: SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) A remote authenticated MySQL user could use this flaw to cause mysqld deamon crash (dereference NULL pointer). References: [1] <a href="http://secunia.com/advisories/41048/">http://secunia.com/advisories/41048/</a> [2] <a href="http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html">http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html</a> Upstream bug report: [3] <a href="http://bugs.mysql.com/bug.php?id=52711">http://bugs.mysql.com/bug.php?id=52711</a> Upstream changesets: [4] <a href="http://lists.mysql.com/commits/105750">http://lists.mysql.com/commits/105750</a> [5] <a href="http://lists.mysql.com/commits/112043">http://lists.mysql.com/commits/112043</a> Note: This issue only causes a temporary denial of service, as the mysql daemon shipped with Red Hat Enterprise Linux 5 will be automatically restarted after the crash.

Affected Software	Affected Version	How to fix
MySQL (MySQL-common)	<5.1.49

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-628328?
The severity of REDHAT-BUG-628328 is critical due to its potential to cause a denial of service by crashing the MySQL daemon.
How do I fix REDHAT-BUG-628328?
To fix REDHAT-BUG-628328, upgrade MySQL to version 5.1.49 or later.
What systems are affected by REDHAT-BUG-628328?
REDHAT-BUG-628328 affects MySQL versions prior to 5.1.49.
What specific functionality is vulnerable in REDHAT-BUG-628328?
The vulnerability in REDHAT-BUG-628328 lies in the handling of EXPLAIN statements for certain SQL queries that utilize UNION and ORDER BY constructs.
Who can exploit REDHAT-BUG-628328?
A remote authenticated MySQL user could exploit REDHAT-BUG-628328 to trigger the denial of service.

collector/redhat-bugzilla
alias/CVE-2010-3682
agent/type
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/description
agent/event
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/mysql
canonical/mysql (mysql-common)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.