CVE-2010-3682

Priority
Description
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote
authenticated users to cause a denial of service (mysqld daemon crash) by
using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE
...)" statements, which triggers a NULL pointer dereference in the
Item_singlerow_subselect::store function.
Notes
jdstrandmysql-cluster-7.0 not supported per server team
mdeslaurfixed in 5.1.49
Package
Upstream:released (5.1.49)
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2020-09-10 01:38:07 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)