CVE-2010-3678 : Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2)

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.

Published 2011-01-11 20:00:01

Updated 2019-12-17 20:23:43

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Threat overview for CVE-2010-3678

Top countries where our scanners detected CVE-2010-3678

Top open port discovered on systems with this issue 3306

IPs affected by CVE-2010-3678 12,095

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2010-3678!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2010-3678

Probability of exploitation activity in the next 30 days: 8.44%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-3678

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2010-3678

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-3678

http://www.vupen.com/english/advisories/2011/0133

Webmail | OVH- OVH
Vendor Advisory

CVEs referencing this url
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html

MySQL :: Page Not Found

CVEs referencing this url
http://www.vupen.com/english/advisories/2011/0170

Webmail | OVH- OVH
Vendor Advisory

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2011-0164.html

Support

CVEs referencing this url
http://www.securityfocus.com/bid/42596

Oracle MySQL Prior to 5.1.49 'WITH ROLLUP' Denial Of Service Vulnerability
http://www.mandriva.com/security/advisories?name=MDVSA-2011:012

mandriva.com

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2010:019

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1017-1

USN-1017-1: MySQL vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1397-1

USN-1397-1: MySQL vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2010:155

mandriva.com

CVEs referencing this url
http://bugs.mysql.com/bug.php?id=54477

MySQL Bugs: Access denied
Exploit;Patch
http://www.openwall.com/lists/oss-security/2010/09/28/10

oss-security - Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws
Exploit;Patch

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=628172

628172 – (CVE-2010-3678) CVE-2010-3678 MySQL: mysqld DoS (crash) by processing IN / CASE statements with NULL arguments (MySQL bug #54477)
Exploit;Patch

Products affected by CVE-2010-3678