CVE-2007-1420
MySQL 5.0.x - Single Row SubSelect Remote Denial of Service
Severity Score
5.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
MySQL versión 5.x anterior a 5.0.36, permite a los usuarios locales causar una denegación de servicio (bloqueo de base de datos) al realizar subselecciones de la tabla information_schema y utilizar ORDER BY para ordenar un resultado de una sola fila, lo que impide que determinados elementos de la estructura se inicialicen y desencadene una desreferencia de NULL en la función filesort.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-03-09 First Exploit
- 2007-03-12 CVE Reserved
- 2007-03-12 CVE Published
- 2024-08-07 CVE Updated
- 2025-05-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (23)
| URL | Tag | Source |
|---|---|---|
| http://bugs.mysql.com/bug.php?id=24630 | X_refsource_confirm | |
| http://securityreason.com/securityalert/2413 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/462339/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1017746 | Vdb Entry | |
| https://issues.rpath.com/browse/RPL-1127 | X_refsource_confirm | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9530 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/29724 | 2007-03-09 | |
| http://www.sec-consult.com/284.html | 2024-08-07 | |
| http://www.securityfocus.com/bid/22900 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-36.html | 2019-12-17 | |
| http://secunia.com/advisories/24483 | 2019-12-17 | |
| http://secunia.com/advisories/24609 | 2019-12-17 | |
| http://secunia.com/advisories/25196 | 2019-12-17 | |
| http://secunia.com/advisories/25389 | 2019-12-17 | |
| http://secunia.com/advisories/25946 | 2019-12-17 | |
| http://secunia.com/advisories/30351 | 2019-12-17 | |
| http://security.gentoo.org/glsa/glsa-200705-11.xml | 2019-12-17 | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | 2019-12-17 | |
| http://www.redhat.com/support/errata/RHSA-2008-0364.html | 2019-12-17 | |
| http://www.ubuntu.com/usn/usn-440-1 | 2019-12-17 | |
| http://www.vupen.com/english/advisories/2007/0908 | 2019-12-17 | |
| https://access.redhat.com/security/cve/CVE-2007-1420 | 2008-05-20 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=232603 | 2008-05-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | <= 5.0.33 Search vendor "Mysql" for product "Mysql" and version " <= 5.0.33" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.0 Search vendor "Mysql" for product "Mysql" and version "5.0.0" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.1 Search vendor "Mysql" for product "Mysql" and version "5.0.1" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.2 Search vendor "Mysql" for product "Mysql" and version "5.0.2" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.3 Search vendor "Mysql" for product "Mysql" and version "5.0.3" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.4 Search vendor "Mysql" for product "Mysql" and version "5.0.4" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.5 Search vendor "Mysql" for product "Mysql" and version "5.0.5" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.10 Search vendor "Mysql" for product "Mysql" and version "5.0.10" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.15 Search vendor "Mysql" for product "Mysql" and version "5.0.15" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.16 Search vendor "Mysql" for product "Mysql" and version "5.0.16" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.17 Search vendor "Mysql" for product "Mysql" and version "5.0.17" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.20 Search vendor "Mysql" for product "Mysql" and version "5.0.20" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.24 Search vendor "Mysql" for product "Mysql" and version "5.0.24" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.30 Search vendor "Mysql" for product "Mysql" and version "5.0.30" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.6 Search vendor "Oracle" for product "Mysql" and version "5.0.6" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.7 Search vendor "Oracle" for product "Mysql" and version "5.0.7" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.32 Search vendor "Oracle" for product "Mysql" and version "5.0.32" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.41 Search vendor "Oracle" for product "Mysql" and version "5.0.41" | - |
Affected
| ||||||