Vulnerability Details : CVE-2007-1420
Potential exploit
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
Vulnerability category: Denial of service
Products affected by CVE-2007-1420
- cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*
Threat overview for CVE-2007-1420
Top countries where our scanners detected CVE-2007-1420
Top open port discovered on systems with this issue
3306
IPs affected by CVE-2007-1420 1,403
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2007-1420!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2007-1420
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 18 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-1420
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST |
Vendor statements for CVE-2007-1420
-
Red Hat 2008-07-25This issue did not affect mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3, and 4. Issue was addressed in mysql packages as shipped in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0364.html
References for CVE-2007-1420
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9530
-
http://secunia.com/advisories/25389
Vendor Advisory
-
http://www.vupen.com/english/advisories/2007/0908
Vendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2008-0364.html
Vendor Advisory
-
http://securityreason.com/securityalert/2413
-
http://security.gentoo.org/glsa/glsa-200705-11.xml
-
http://secunia.com/advisories/25196
Vendor Advisory
-
http://secunia.com/advisories/24483
Vendor Advisory
-
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-36.html
Vendor Advisory
-
http://www.securitytracker.com/id?1017746
-
http://secunia.com/advisories/30351
Vendor Advisory
-
http://bugs.mysql.com/bug.php?id=24630
-
http://www.securityfocus.com/bid/22900
Exploit;Patch
-
http://secunia.com/advisories/25946
Vendor Advisory
-
http://secunia.com/advisories/24609
Vendor Advisory
-
http://www.sec-consult.com/284.html
Exploit
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:139
-
http://www.ubuntu.com/usn/usn-440-1
-
http://www.securityfocus.com/archive/1/462339/100/0/threaded
-
https://issues.rpath.com/browse/RPL-1127
Jump to