CVE-2013-3839
mysql: unspecified DoS related to Optimizer (CPU October 2013)
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Vulnerabilidad no especificada en el componente MySQL Server de Oracle MySQL 5.1.70 y anteriores, 5.5.32 y anteriores y 5.6.12 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Optimizer.
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. A buffer overflow flaw was found in the way the MySQL command line client tool processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-03 CVE Reserved
- 2013-10-16 CVE Published
- 2024-08-06 CVE Updated
- 2025-04-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/55291 | Not Applicable | |
| http://www.securityfocus.com/bid/63109 | Third Party Advisory | |
| http://www.securitytracker.com/id/1029184 | Broken Link |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0173.html | 2022-08-26 | |
| http://rhn.redhat.com/errata/RHSA-2014-0186.html | 2022-08-26 | |
| http://rhn.redhat.com/errata/RHSA-2014-0189.html | 2022-08-26 | |
| http://security.gentoo.org/glsa/glsa-201409-04.xml | 2022-08-26 | |
| http://www.debian.org/security/2013/dsa-2780 | 2022-08-26 | |
| http://www.debian.org/security/2013/dsa-2818 | 2022-08-26 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | 2022-08-26 | |
| http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | 2022-08-26 | |
| http://www.ubuntu.com/usn/USN-2006-1 | 2022-08-26 | |
| https://access.redhat.com/security/cve/CVE-2013-3839 | 2014-02-19 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1019978 | 2014-02-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | >= 5.1.0 <= 5.1.70 Search vendor "Oracle" for product "Mysql" and version " >= 5.1.0 <= 5.1.70" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | >= 5.5.0 <= 5.5.32 Search vendor "Oracle" for product "Mysql" and version " >= 5.5.0 <= 5.5.32" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | >= 5.6.0 <= 5.6.12 Search vendor "Oracle" for product "Mysql" and version " >= 5.6.0 <= 5.6.12" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 5.5.0 < 5.5.33 Search vendor "Mariadb" for product "Mariadb" and version " >= 5.5.0 < 5.5.33" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.0.0 < 10.0.5 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.0.0 < 10.0.5" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 13.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "13.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 13.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "13.10" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "5.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "5.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 6.0 Search vendor "Debian" for product "Debian Linux" and version "6.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||