CVE-2007-2583 — MEDIUM (4.0)

Q: How severe is CVE-2007-2583?

CVE-2007-2583 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-2583?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Mysql, Debian Debian Linux, Canonical Ubuntu Linux.

Vulnerability Description

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

CVSS Score

4.0

MEDIUM

AV:N/AC:L/Au:S/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Oracle	Mysql	< 5.0.40
Debian	Debian Linux	3.1
Canonical	Ubuntu Linux	6.06

References

http://bugs.mysql.com/bug.php?id=27513Issue TrackingVendor Advisory
http://lists.mysql.com/commits/23685Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.htmlMailing ListThird Party Advisory
http://packetstormsecurity.com/files/124295/MySQL-5.0.x-Denial-Of-Service.htmlThird Party AdvisoryVDB Entry
http://secunia.com/advisories/25188Vendor Advisory
http://secunia.com/advisories/25196PatchVendor Advisory
http://secunia.com/advisories/25255Vendor Advisory
http://secunia.com/advisories/25389Vendor Advisory
http://secunia.com/advisories/25946Vendor Advisory
http://secunia.com/advisories/27155Vendor Advisory
http://secunia.com/advisories/27823Vendor Advisory
http://secunia.com/advisories/28838Vendor Advisory
http://secunia.com/advisories/30351Vendor Advisory
http://security.gentoo.org/glsa/glsa-200705-11.xmlThird Party Advisory
http://www.debian.org/security/2007/dsa-1413PatchThird Party Advisory

FAQ

What is CVE-2007-2583?

CVE-2007-2583 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that...

How severe is CVE-2007-2583?

CVE-2007-2583 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-2583?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Mysql, Debian Debian Linux, Canonical Ubuntu Linux.