Vulnerability Details : CVE-2013-1861
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2013-1861
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Threat overview for CVE-2013-1861
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2013-1861: 20,647
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2013-1861
- EPSS score: 40.37% (probability of exploitation activity in the next 30 days)
- Percentile: ~97% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-1861
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2013-1861
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1861
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82895
  Oracle MySQL and MariaDB geometry queries denial of service CVE-2013-1861 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html
  openSUSE-SU-2013:1335-1: moderate: update for mariadb, mysql-community-s (Mailing List; Third Party Advisory)
- http://seclists.org/oss-sec/2013/q1/671
  oss-sec: CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld (Mailing List; Third Party Advisory)
- http://lists.askmonty.org/pipermail/commits/2013-March/004371.html
  [Commits] Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ (Mailing List; Third Party Advisory)
- https://mariadb.atlassian.net/browse/MDEV-4252
  [MDEV-4252] geometry query crashes server - JIRA (Broken Link)
- http://www.ubuntu.com/usn/USN-1909-1
  USN-1909-1: MySQL vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.debian.org/security/2013/dsa-2818
  Debian -- Security Information -- DSA-2818-1 mysql-5.5 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=919247
  919247 – (CVE-2013-1861) CVE-2013-1861 mysql: geometry query crashes mysqld (CPU July 2013) (Issue Tracking; Third Party Advisory)
- http://security.gentoo.org/glsa/glsa-201409-04.xml
  MySQL: Multiple vulnerabilities (GLSA 201409-04) — Gentoo security (Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html
  openSUSE-SU-2013:1410-1: moderate: update for mysql-community-server (Mailing List; Third Party Advisory)
- http://www.securityfocus.com/bid/58511
  MySQL and MariaDB Geometry Query Denial Of Service Vulnerability (Exploit; Third Party Advisory; VDB Entry)
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html
  [security-announce] SUSE-SU-2013:1529-1: important: Security update for (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html
  [security-announce] SUSE-SU-2013:1390-1: important: Security update for (Mailing List; Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
  Oracle Critical Patch Update - July 2013 (Third Party Advisory)