Bug 858730 - mysql, mariadb: NULL pointer dereference by testing if ORDER BY clause can be skipped by using an index (SA#50485)
mysql, mariadb: NULL pointer dereference by testing if ORDER BY clause can be...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20120823,repor...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-19 10:04 EDT by Jan Lieskovsky
Modified: 2016-03-04 06:32 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2012-09-19 10:04:10 EDT
A NULL pointer dereference flaw was found in the way MariaDB, a community-developed branch of the MySQL database, performed tests if the ORDER BY clause, present in SQL statement could by replaced / skipped by using of an index. A database user could use this flaw to cause mysqld daemon crash (denial of service).

Upstream tickets:
[1] https://mariadb.atlassian.net/browse/MDEV-430
[2] https://mariadb.atlassian.net/browse/MDEV-405 (duplicate of the first one)

Relevant upstream patches:
[3] http://bazaar.launchpad.net/%7Emaria-captains/maria/5.5/revision/3501.1.1
[4] http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/3512

References:
[5] http://kb.askmonty.org/en/mariadb-5527-changelog/
[6] https://secunia.com/advisories/50485/
[7] https://bugs.gentoo.org/show_bug.cgi?id=434874
Comment 1 Jan Lieskovsky 2012-09-19 10:06:51 EDT
This issue did NOT affect the versions of the mysql package, as shipped with
Red Hat Enterprise Linux 5 and 6.

--

This issue did NOT affect the versions of the mysql package, as shipped with Fedora release of 16 and 17.

Note You need to log in before you can comment on or make changes to this bug.