Vulnerability Details : CVE-2007-2583
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
Vulnerability category: Memory Corruption, Denial of service
Threat overview for CVE-2007-2583
Top open port discovered on systems with this issue: 5555
IPs affected by CVE-2007-2583: 121
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2007-2583
Probability of exploitation activity in the next 30 days: 0.28%
Percentile, the proportion of vulnerabilities that are scored at or less: ~68%
CVSS scores for CVE-2007-2583
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P | 8.0 | 2.9 | NIST |
Vendor statements for CVE-2007-2583
- Red Hat, 2008-07-25: This issue did not affect mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3, and 4. Issue was addressed in mysql packages as shipped in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0364.html
References for CVE-2007-2583
- https://issues.rpath.com/browse/RPL-1356 (Broken Link)
- http://packetstormsecurity.com/files/124295/MySQL-5.0.x-Denial-Of-Service.html (Third Party Advisory; VDB Entry)
- http://www.debian.org/security/2007/dsa-1413 (Patch; Third Party Advisory)
- http://bugs.mysql.com/bug.php?id=27513 (Issue Tracking; Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2008-0364.html (Vendor Advisory)
- http://www.securityfocus.com/bid/23911 (Third Party Advisory; VDB Entry; Vendor Advisory)
- http://www.vupen.com/english/advisories/2007/1731 (Vendor Advisory)
- http://security.gentoo.org/glsa/glsa-200705-11.xml (Third Party Advisory)
- http://www.exploit-db.com/exploits/30020 (Third Party Advisory; VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34232 (Third Party Advisory; VDB Entry)
- http://www.trustix.org/errata/2007/0017/ (Broken Link)
- http://lists.mysql.com/commits/23685 (Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html (Mailing List; Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 (Third Party Advisory)
- https://usn.ubuntu.com/528-1/ (Third Party Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9930 (Third Party Advisory)
Products affected by CVE-2007-2583
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*