Vulnerability Description
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mysql | Mysql | <= 5.1.32-bzr |
| Oracle | Mysql | 5.1 |
References
- http://bugs.mysql.com/bug.php?id=42495PatchVendor Advisory
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.htmlVendor Advisory
- http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html
- http://secunia.com/advisories/34115Vendor Advisory
- http://www.securityfocus.com/bid/33972Exploit
- http://www.securitytracker.com/id?1021786
- http://www.vupen.com/english/advisories/2009/0594Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49050
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://bugs.mysql.com/bug.php?id=42495PatchVendor Advisory
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.htmlVendor Advisory
- http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html
- http://secunia.com/advisories/34115Vendor Advisory
- http://www.securityfocus.com/bid/33972Exploit
- http://www.securitytracker.com/id?1021786
FAQ
What is CVE-2009-0819?
CVE-2009-0819 is a vulnerability with a CVSS score of 4.0 (MEDIUM). sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a ...
How severe is CVE-2009-0819?
CVE-2009-0819 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0819?
Check the references section above for vendor advisories and patch information. Affected products include: Mysql Mysql, Oracle Mysql.