CVE 2010-3682
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_
Related bugs and status
CVE-2010-3682 (Candidate) is related to these bugs:
Bug #937869: MySQL security update tracking bug
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
937869 | MySQL security update tracking bug | mysql-5.1 (Ubuntu) | Undecided | Fix Released | ||
937869 | MySQL security update tracking bug | mysql-5.1 (Ubuntu Maverick) | Undecided | Fix Released | ||
937869 | MySQL security update tracking bug | mysql-5.1 (Ubuntu Natty) | Undecided | Fix Released | ||
937869 | MySQL security update tracking bug | mysql-5.1 (Ubuntu Oneiric) | Undecided | Fix Released | ||
937869 | MySQL security update tracking bug | mysql-dfsg-5.1 (Ubuntu) | Undecided | Fix Released | ||
937869 | MySQL security update tracking bug | mysql-dfsg-5.1 (Ubuntu Maverick) | Undecided | Invalid | ||
937869 | MySQL security update tracking bug | mysql-dfsg-5.1 (Ubuntu Natty) | Undecided | Invalid | ||
937869 | MySQL security update tracking bug | mysql-dfsg-5.1 (Ubuntu Oneiric) | Undecided | Invalid | ||
937869 | MySQL security update tracking bug | mysql-5.1 (Ubuntu Lucid) | Undecided | Invalid | ||
937869 | MySQL security update tracking bug | mysql-dfsg-5.1 (Ubuntu Lucid) | Undecided | Fix Released | ||
937869 | MySQL security update tracking bug | mysql-dfsg-5.0 (Ubuntu) | Undecided | Fix Released | ||
937869 | MySQL security update tracking bug | mysql-dfsg-5.0 (Ubuntu Lucid) | Undecided | Invalid | ||
937869 | MySQL security update tracking bug | mysql-dfsg-5.0 (Ubuntu Maverick) | Undecided | Invalid | ||
937869 | MySQL security update tracking bug | mysql-dfsg-5.0 (Ubuntu Natty) | Undecided | Invalid | ||
937869 | MySQL security update tracking bug | mysql-dfsg-5.0 (Ubuntu Oneiric) | Undecided | Invalid | ||
937869 | MySQL security update tracking bug | mysql-5.1 (Ubuntu Hardy) | Undecided | Invalid | ||
937869 | MySQL security update tracking bug | mysql-dfsg-5.0 (Ubuntu Hardy) | Undecided | Fix Released | ||
937869 | MySQL security update tracking bug | mysql-dfsg-5.1 (Ubuntu Hardy) | Undecided | Invalid |
See the
CVE page on Mitre.org
for more details.