CVE-2006-7232

Properties

Published:
30.12.2006
Updated:
26.02.2008
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
Product:
MySQL: MySQL
MySQL: MySQL

Vulnerability description

sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.

References:

http://bugs.mysql.com/bug.php?id=22413: http://bugs.mysql.com/bug.php?id=22413
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-32.html: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-32.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-14.html: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-14.html