CVE-2010-3678

Priority
Description
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a
denial of service (crash) via (1) IN or (2) CASE operations with NULL
arguments that are explicitly specified or indirectly provided by the WITH
ROLLUP modifier.
Notes
jdstrandmysql-cluster-7.0 not supported per server team
mdeslaurfixed in 5.1.49
reproducer: select greatest((((1) in ((null),(-10),(0.5)))),(1));
doesn't apply to 5.0.x
Package
Upstream:released (5.1.49)
Package
Upstream:needs-triage
Package
Upstream:not-affected
More Information

Updated: 2020-09-10 01:38:06 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)