cve/CVE-2010-3682.md at a1f7af13e63bb8df7e5f4b4213aa3bc22aa59913

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.

POC

Reference

http://www.ubuntu.com/usn/USN-1017-1
https://bugzilla.redhat.com/show_bug.cgi?id=628328

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/DButter/whitehat_public
https://github.com/Dokukin1/Metasploitable
https://github.com/Furious992/HW13-01
https://github.com/Iknowmyname/Nmap-Scans-M2
https://github.com/NikulinMS/13-01-hw
https://github.com/Zhivarev/13-01-hw
https://github.com/lekctut/sdb-hw-13-01
https://github.com/mrt2h/DZ
https://github.com/pedr0alencar/vlab-metasploitable2
https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
https://github.com/tomwillfixit/alpine-cvecheck
https://github.com/zzzWTF/db-13-01

1.4 KiB Raw Blame History

CVE-2010-3682

Description

POC

Reference

Github

1.4 KiB

Raw Blame History