PublicDate: 2006-12-31 05:00:00 UTC
Candidate: CVE-2006-7232
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7232
 https://ubuntu.com/security/notices/USN-588-1
Description:
 sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows
 remote authenticated users to cause a denial of service (crash) via an
 EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally
 demonstrated using ORDER BY.
Ubuntu-Description:
Notes:
 jdstrand> DoS, but escalated to medium for customer
Bugs:
 https://bugs.launchpad.net/ubuntu/gutsy/+source/mysql-dfsg-5.0/+bug/201009
 https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.0/+bug/161127
 https://bugs.launchpad.net/ubuntu/+bug/173641
Priority: medium
Discovered-by:
Assigned-to: jdstrand
CVSS: 

Patches_mysql-dfsg-5.0:
upstream_mysql-dfsg-5.0: released (5.0.32)
dapper_mysql-dfsg-5.0: released (5.0.22-0ubuntu6.06.8)
edgy_mysql-dfsg-5.0: released (5.0.24a-9ubuntu2.4)
feisty_mysql-dfsg-5.0: not-affected
gutsy_mysql-dfsg-5.0: not-affected
devel_mysql-dfsg-5.0: not-affected