製品・ソフトウェアに関する情報

JVN脆弱性詳細

MariaDB および Oracle MySQL におけるサービス運用妨害 (DoS) の脆弱性

Title	MariaDB および Oracle MySQL におけるサービス運用妨害 (DoS) の脆弱性
Summary	MariaDB および Oracle MySQL は、数値計算のエラーに関する処理に不備があるため、サービス運用妨害 (クラッシュ) 状態にされる脆弱性が存在します。
Possible impacts	第三者により、巧妙に細工された多数のポイントを指定されるとバイナリ表現を適切に処理しないジオメトリの機能を介して、サービス運用妨害 (クラッシュ) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	March 5, 2013, midnight
Registration Date	April 1, 2013, 8:51 p.m.
Last Update	Nov. 1, 2013, 2:27 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected System

レッドハット

Red Hat Enterprise Linux 5

Red Hat Enterprise Linux 6

オラクル

MySQL 5.1.69 およびそれ以前の 5.1.x

MySQL 5.5.31 およびそれ以前の 5.5.x

MySQL 5.6.11 およびそれ以前の 5.6.x

MariaDB Corporation Ab.

MariaDB 5.1.68 未満の 5.1.x

MariaDB 5.2.15 未満の 5.2.x

MariaDB 5.3.13 未満の 5.3.x

MariaDB 5.5.30 未満の 5.5.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-1861	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1861
CVE データベース
2	CVE-2013-1861	https://access.redhat.com/security/cve/CVE-2013-1861
National Vulnerability Database (NVD)
3	CVE-2013-1861	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1861

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
MariaDB Development
1	MDEV-4252	https://mariadb.atlassian.net/browse/MDEV-4252
MySQL
2	Top Page	http://dev.mysql.com/
opensuse-security-announce
3	SUSE-SU-2013:1390	http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html
4	SUSE-SU-2013:1529	http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html
Oracle Critical Patch Update
5	Oracle Critical Patch Update Advisory - July 2013	http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
6	Text Form of Oracle Critical Patch Update - July 2013 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujuly2013verbose-1899830.html
Red Hat Bugzilla
7	Bug 919247	https://bugzilla.redhat.com/show_bug.cgi?id=919247
SECURITY BLOG
8	July 2013 Critical Patch Update Released	https://blogs.oracle.com/security/entry/july_2013_critical_patch_update
9	Multiple vulnerabilities in MySQL	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_mysql

Change Log

No	Changed Details	Date of change
0	[2013年04月01日] 掲載 [2013年07月18日] 影響を受けるシステム：オラクル (Oracle Critical Patch Update Advisory - July 2013) の情報を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - July 2013) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - July 2013 Risk Matrices ) を追加ベンダ情報：オラクル (July 2013 Critical Patch Update Released) を追加 [2013年11月01日] ベンダ情報：Novell (SUSE-SU-2013:1529) を追加ベンダ情報：Novell (SUSE-SU-2013:1390) を追加ベンダ情報：オラクル (Multiple vulnerabilities in MySQL) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2013-1861

Summary	MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
Publication Date	March 29, 2013, 8:55 a.m.
Registration Date	Jan. 26, 2021, 3:37 p.m.
Last Update	Nov. 21, 2024, 10:50 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mariadb:mariadb::::::::	5.5.0			5.5.32
cpe:2.3:a:mariadb:mariadb::::::::	10.0.0			10.0.4

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:oracle:mysql::::::::	5.5.0	5.5.31
cpe:2.3:a:oracle:mysql::::::::	5.6.0	5.6.11
cpe:2.3:a:oracle:mysql::::::::	5.1.0	5.1.69

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:5:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:mariadb:mariadb::::::::	5.5.0			5.5.32
cpe:2.3:a:mariadb:mariadb::::::::	10.0.0			10.0.4

Configuration5		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:7.0:::::::*

Configuration6	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::*
cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::

Configuration7	or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::
cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::*
cpe:2.3:o:opensuse:opensuse:12.3:::::::*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3::::::
cpe:2.3:o:opensuse:opensuse:11.4:::::::*
cpe:2.3:o:opensuse:opensuse:12.2:::::::*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::-::*

Related information, measures and tools

No	URL	タグ
1	http://lists.askmonty.org/pipermail/commits/2013-March/004371.html	Mailing List Third Party Advisory
2	http://lists.askmonty.org/pipermail/commits/2013-March/004371.html	Mailing List Third Party Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html	Mailing List Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html	Mailing List Third Party Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html	Mailing List Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html	Mailing List Third Party Advisory
7	http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html	Mailing List Third Party Advisory
8	http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html	Mailing List Third Party Advisory
9	http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html	Mailing List Third Party Advisory
10	http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html	Mailing List Third Party Advisory
11	http://seclists.org/oss-sec/2013/q1/671	Mailing List Third Party Advisory
12	http://seclists.org/oss-sec/2013/q1/671	Mailing List Third Party Advisory
13	http://secunia.com/advisories/52639	Not Applicable
14	http://secunia.com/advisories/52639	Not Applicable
15	http://secunia.com/advisories/54300	Not Applicable
16	http://secunia.com/advisories/54300	Not Applicable
17	http://security.gentoo.org/glsa/glsa-201409-04.xml	Third Party Advisory
18	http://security.gentoo.org/glsa/glsa-201409-04.xml	Third Party Advisory
19	http://www.debian.org/security/2013/dsa-2818	Third Party Advisory
20	http://www.debian.org/security/2013/dsa-2818	Third Party Advisory
21	http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html	Third Party Advisory
22	http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html	Third Party Advisory
23	http://www.osvdb.org/91415	Broken Link
24	http://www.osvdb.org/91415	Broken Link
25	http://www.securityfocus.com/bid/58511	Exploit Third Party Advisory VDB Entry
26	http://www.securityfocus.com/bid/58511	Exploit Third Party Advisory VDB Entry
27	http://www.ubuntu.com/usn/USN-1909-1	Third Party Advisory
28	http://www.ubuntu.com/usn/USN-1909-1	Third Party Advisory
29	https://bugzilla.redhat.com/show_bug.cgi?id=919247	Issue Tracking Third Party Advisory
30	https://bugzilla.redhat.com/show_bug.cgi?id=919247	Issue Tracking Third Party Advisory
31	https://exchange.xforce.ibmcloud.com/vulnerabilities/82895	Third Party Advisory VDB Entry
32	https://exchange.xforce.ibmcloud.com/vulnerabilities/82895	Third Party Advisory VDB Entry
33	https://mariadb.atlassian.net/browse/MDEV-4252	Broken Link
34	https://mariadb.atlassian.net/browse/MDEV-4252	Broken Link

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration7	or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::
cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::*
cpe:2.3:o:opensuse:opensuse:12.3:::::::*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3::::::
cpe:2.3:o:opensuse:opensuse:11.4:::::::*
cpe:2.3:o:opensuse:opensuse:12.2:::::::*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::-::*