CVE-2007-2583

MySQL 5.0.x - IF Query Handling Remote Denial of Service

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

La función in_decimal::set en el archivo item_cmpfunc.cc en mySQL versiones anteriores a 5.0.40, y versiones 5.1 anteriores a 5.1.18-beta, permite a atacantes dependiendo del contexto causar una denegación de servicio (bloqueo) por medio de una cláusula IF especialmente diseñada que resulta en un error de división por cero y una desreferencia del puntero NULL.

Neil Kettle discovered that MySQL could be made to dereference a NULL pointer and divide by zero. An authenticated user could exploit this with a crafted IF clause, leading to a denial of service. Victoria Reznichenko discovered that MySQL did not always require the DROP privilege. An authenticated user could exploit this via RENAME TABLE statements to rename arbitrary tables, possibly gaining additional database access. It was discovered that MySQL could be made to overflow a signed char during authentication. Remote attackers could use crafted authentication requests to cause a denial of service. Phil Anderton discovered that MySQL did not properly verify access privileges when accessing external tables. As a result, authenticated users could exploit this to obtain UPDATE privileges to external tables. In certain situations, when installing or upgrading mysql, there was no notification that the mysql root user password needed to be set. If the password was left unset, attackers would be able to obtain unrestricted access to mysql. This is now checked during mysql start-up.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-05-09 CVE Reserved
2007-05-09 CVE Published
2013-12-04 First Exploit
2024-08-07 CVE Updated
2025-07-24 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (30)

URL	Tag	Source
http://packetstormsecurity.com/files/124295/MySQL-5.0.x-Denial-Of-Service.html	Third Party Advisory
http://www.osvdb.org/34734	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/34232	Third Party Advisory
https://issues.rpath.com/browse/RPL-1356	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9930	Signature

URL	Date	SRC
https://packetstorm.news/files/id/124295	2013-12-05
https://www.exploit-db.com/exploits/30020	2013-12-04
http://www.exploit-db.com/exploits/30020	2024-08-07

URL	Date	SRC
http://secunia.com/advisories/25196	2021-11-08
http://www.debian.org/security/2007/dsa-1413	2021-11-08

URL	Date	SRC
http://bugs.mysql.com/bug.php?id=27513	2021-11-08
http://lists.mysql.com/commits/23685	2021-11-08
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html	2021-11-08
http://secunia.com/advisories/25188	2021-11-08
http://secunia.com/advisories/25255	2021-11-08
http://secunia.com/advisories/25389	2021-11-08
http://secunia.com/advisories/25946	2021-11-08
http://secunia.com/advisories/27155	2021-11-08
http://secunia.com/advisories/27823	2021-11-08
http://secunia.com/advisories/28838	2021-11-08
http://secunia.com/advisories/30351	2021-11-08
http://security.gentoo.org/glsa/glsa-200705-11.xml	2021-11-08
http://www.mandriva.com/security/advisories?name=MDKSA-2007:139	2021-11-08
http://www.redhat.com/support/errata/RHSA-2008-0364.html	2021-11-08
http://www.securityfocus.com/bid/23911	2021-11-08
http://www.trustix.org/errata/2007/0017	2021-11-08
http://www.vupen.com/english/advisories/2007/1731	2021-11-08
https://usn.ubuntu.com/528-1	2021-11-08
https://access.redhat.com/security/cve/CVE-2007-2583	2008-05-20
https://bugzilla.redhat.com/show_bug.cgi?id=240813	2008-05-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				< 5.0.40 Search vendor "Oracle" for product "Mysql" and version " < 5.0.40"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				>= 5.1 <= 5.1.17 Search vendor "Oracle" for product "Mysql" and version " >= 5.1 <= 5.1.17"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.1 Search vendor "Debian" for product "Debian Linux" and version "3.1"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				7.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"		-		Affected