CVE-2007-1420

MySQL 5.0.x - Single Row SubSelect Remote Denial of Service

Severity Score

2.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.

MySQL versión 5.x anterior a 5.0.36, permite a los usuarios locales causar una denegación de servicio (bloqueo de base de datos) al realizar subselecciones de la tabla information_schema y utilizar ORDER BY para ordenar un resultado de una sola fila, lo que impide que determinados elementos de la estructura se inicialicen y desencadene una desreferencia de NULL en la función filesort.

*Credits: N/A

CVSS Scores

NISTv2 2.1

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-03-09 First Exploit
2007-03-12 CVE Reserved
2007-03-12 CVE Published
2024-08-07 CVE Updated
2024-09-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (23)

URL	Tag	Source
http://bugs.mysql.com/bug.php?id=24630	X_refsource_confirm
http://securityreason.com/securityalert/2413	Third Party Advisory
http://www.securityfocus.com/archive/1/462339/100/0/threaded	Mailing List
http://www.securitytracker.com/id?1017746	Vdb Entry
https://issues.rpath.com/browse/RPL-1127	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9530	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/29724	2007-03-09
http://www.sec-consult.com/284.html	2024-08-07
http://www.securityfocus.com/bid/22900	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-36.html	2019-12-17
http://secunia.com/advisories/24483	2019-12-17
http://secunia.com/advisories/24609	2019-12-17
http://secunia.com/advisories/25196	2019-12-17
http://secunia.com/advisories/25389	2019-12-17
http://secunia.com/advisories/25946	2019-12-17
http://secunia.com/advisories/30351	2019-12-17
http://security.gentoo.org/glsa/glsa-200705-11.xml	2019-12-17
http://www.mandriva.com/security/advisories?name=MDKSA-2007:139	2019-12-17
http://www.redhat.com/support/errata/RHSA-2008-0364.html	2019-12-17
http://www.ubuntu.com/usn/usn-440-1	2019-12-17
http://www.vupen.com/english/advisories/2007/0908	2019-12-17
https://access.redhat.com/security/cve/CVE-2007-1420	2008-05-20
https://bugzilla.redhat.com/show_bug.cgi?id=232603	2008-05-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				<= 5.0.33 Search vendor "Mysql" for product "Mysql" and version " <= 5.0.33"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.0 Search vendor "Mysql" for product "Mysql" and version "5.0.0"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.1 Search vendor "Mysql" for product "Mysql" and version "5.0.1"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.2 Search vendor "Mysql" for product "Mysql" and version "5.0.2"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.3 Search vendor "Mysql" for product "Mysql" and version "5.0.3"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.4 Search vendor "Mysql" for product "Mysql" and version "5.0.4"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.5 Search vendor "Mysql" for product "Mysql" and version "5.0.5"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.10 Search vendor "Mysql" for product "Mysql" and version "5.0.10"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.15 Search vendor "Mysql" for product "Mysql" and version "5.0.15"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.16 Search vendor "Mysql" for product "Mysql" and version "5.0.16"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.17 Search vendor "Mysql" for product "Mysql" and version "5.0.17"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.20 Search vendor "Mysql" for product "Mysql" and version "5.0.20"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.24 Search vendor "Mysql" for product "Mysql" and version "5.0.24"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.30 Search vendor "Mysql" for product "Mysql" and version "5.0.30"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.6 Search vendor "Oracle" for product "Mysql" and version "5.0.6"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.7 Search vendor "Oracle" for product "Mysql" and version "5.0.7"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.32 Search vendor "Oracle" for product "Mysql" and version "5.0.32"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.41 Search vendor "Oracle" for product "Mysql" and version "5.0.41"		-		Affected