NVD脆弱性詳細

CVE-2009-0819

概要	sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
概要	El archivo sql/item_xmlfunc.cc en MySQL versiones 5.1 anteriores a 5.1.32 y versiones 6.0 anteriores a 6.0.10, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) por medio de "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," que desencadena un fallo de aserción.
公表日	2009年3月5日11:30
登録日	2021年1月29日13:15
最終更新日	2026年4月23日9:35

CVSS2.0 : MEDIUM
スコア	4.0
ベクター	AV:N/AC:L/Au:S/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	単一
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:mysql:mysql::::::::		5.1.32-bzr
cpe:2.3:a:mysql:mysql:5.1.23:::::::*
cpe:2.3:a:mysql:mysql:5.1.31:::::::*
cpe:2.3:a:mysql:mysql:6.0.9:::::::*
cpe:2.3:a:mysql:mysql:6.0.10-bzr:::::::*
cpe:2.3:a:oracle:mysql:5.1:::::::*
cpe:2.3:a:oracle:mysql:5.1.1:::::::*
cpe:2.3:a:oracle:mysql:5.1.2:::::::*
cpe:2.3:a:oracle:mysql:5.1.3:::::::*
cpe:2.3:a:oracle:mysql:5.1.10:::::::*
cpe:2.3:a:oracle:mysql:5.1.11:::::::*
cpe:2.3:a:oracle:mysql:5.1.12:::::::*
cpe:2.3:a:oracle:mysql:5.1.13:::::::*
cpe:2.3:a:oracle:mysql:5.1.14:::::::*
cpe:2.3:a:oracle:mysql:5.1.15:::::::*
cpe:2.3:a:oracle:mysql:5.1.16:::::::*
cpe:2.3:a:oracle:mysql:5.1.17:::::::*
cpe:2.3:a:oracle:mysql:5.1.18:::::::*
cpe:2.3:a:oracle:mysql:5.1.19:::::::*
cpe:2.3:a:oracle:mysql:5.1.20:::::::*
cpe:2.3:a:oracle:mysql:5.1.21:::::::*
cpe:2.3:a:oracle:mysql:5.1.22:::::::*
cpe:2.3:a:oracle:mysql:5.1.23:a::::::
cpe:2.3:a:oracle:mysql:5.1.24:::::::*
cpe:2.3:a:oracle:mysql:5.1.25:::::::*
cpe:2.3:a:oracle:mysql:5.1.26:::::::*
cpe:2.3:a:oracle:mysql:5.1.27:::::::*
cpe:2.3:a:oracle:mysql:5.1.28:::::::*
cpe:2.3:a:oracle:mysql:5.1.29:::::::*
cpe:2.3:a:oracle:mysql:5.1.30:::::::*
cpe:2.3:a:oracle:mysql:5.1.31:sp1::::::
cpe:2.3:a:oracle:mysql:6.0.0:::::::*
cpe:2.3:a:oracle:mysql:6.0.1:::::::*
cpe:2.3:a:oracle:mysql:6.0.2:::::::*
cpe:2.3:a:oracle:mysql:6.0.3:::::::*
cpe:2.3:a:oracle:mysql:6.0.4:::::::*

関連情報、対策とツール

No	URL	refsource
1	http://bugs.mysql.com/bug.php?id=42495	cve@mitre.org
2	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html	cve@mitre.org
3	http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html	cve@mitre.org
4	http://secunia.com/advisories/34115	cve@mitre.org
5	http://www.securityfocus.com/bid/33972	cve@mitre.org
6	http://www.securitytracker.com/id?1021786	cve@mitre.org
7	http://www.vupen.com/english/advisories/2009/0594	cve@mitre.org
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/49050	cve@mitre.org
9	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7544	cve@mitre.org
10	http://bugs.mysql.com/bug.php?id=42495	af854a3a-2127-422b-91ae-364da2661108
11	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html	af854a3a-2127-422b-91ae-364da2661108
12	http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html	af854a3a-2127-422b-91ae-364da2661108
13	http://secunia.com/advisories/34115	af854a3a-2127-422b-91ae-364da2661108
14	http://www.securityfocus.com/bid/33972	af854a3a-2127-422b-91ae-364da2661108
15	http://www.securitytracker.com/id?1021786	af854a3a-2127-422b-91ae-364da2661108
16	http://www.vupen.com/english/advisories/2009/0594	af854a3a-2127-422b-91ae-364da2661108
17	https://exchange.xforce.ibmcloud.com/vulnerabilities/49050	af854a3a-2127-422b-91ae-364da2661108
18	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7544	af854a3a-2127-422b-91ae-364da2661108

共通脆弱性一覧

構成1	以上	以下	より上	未満
cpe:2.3:a:mysql:mysql::::::::		5.1.32-bzr
cpe:2.3:a:mysql:mysql:5.1.23:::::::*
cpe:2.3:a:mysql:mysql:5.1.31:::::::*
cpe:2.3:a:mysql:mysql:6.0.9:::::::*
cpe:2.3:a:mysql:mysql:6.0.10-bzr:::::::*
cpe:2.3:a:oracle:mysql:5.1:::::::*
cpe:2.3:a:oracle:mysql:5.1.1:::::::*
cpe:2.3:a:oracle:mysql:5.1.2:::::::*
cpe:2.3:a:oracle:mysql:5.1.3:::::::*
cpe:2.3:a:oracle:mysql:5.1.10:::::::*
cpe:2.3:a:oracle:mysql:5.1.11:::::::*
cpe:2.3:a:oracle:mysql:5.1.12:::::::*
cpe:2.3:a:oracle:mysql:5.1.13:::::::*
cpe:2.3:a:oracle:mysql:5.1.14:::::::*
cpe:2.3:a:oracle:mysql:5.1.15:::::::*
cpe:2.3:a:oracle:mysql:5.1.16:::::::*
cpe:2.3:a:oracle:mysql:5.1.17:::::::*
cpe:2.3:a:oracle:mysql:5.1.18:::::::*
cpe:2.3:a:oracle:mysql:5.1.19:::::::*
cpe:2.3:a:oracle:mysql:5.1.20:::::::*
cpe:2.3:a:oracle:mysql:5.1.21:::::::*
cpe:2.3:a:oracle:mysql:5.1.22:::::::*
cpe:2.3:a:oracle:mysql:5.1.23:a::::::
cpe:2.3:a:oracle:mysql:5.1.24:::::::*
cpe:2.3:a:oracle:mysql:5.1.25:::::::*
cpe:2.3:a:oracle:mysql:5.1.26:::::::*
cpe:2.3:a:oracle:mysql:5.1.27:::::::*
cpe:2.3:a:oracle:mysql:5.1.28:::::::*
cpe:2.3:a:oracle:mysql:5.1.29:::::::*
cpe:2.3:a:oracle:mysql:5.1.30:::::::*
cpe:2.3:a:oracle:mysql:5.1.31:sp1::::::
cpe:2.3:a:oracle:mysql:6.0.0:::::::*
cpe:2.3:a:oracle:mysql:6.0.1:::::::*
cpe:2.3:a:oracle:mysql:6.0.2:::::::*
cpe:2.3:a:oracle:mysql:6.0.3:::::::*
cpe:2.3:a:oracle:mysql:6.0.4:::::::*