sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML(), which triggers an assertion failure.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mysql | Mysql | * | 5.1.32-bzr (including) |
Mysql | Mysql | 5.1.23 (including) | 5.1.23 (including) |
Mysql | Mysql | 5.1.31 (including) | 5.1.31 (including) |
Mysql | Mysql | 6.0.9 (including) | 6.0.9 (including) |
Mysql | Mysql | 6.0.10-bzr (including) | 6.0.10-bzr (including) |
Mysql | Oracle | 5.1 (including) | 5.1 (including) |
Mysql | Oracle | 5.1.1 (including) | 5.1.1 (including) |
Mysql | Oracle | 5.1.2 (including) | 5.1.2 (including) |
Mysql | Oracle | 5.1.3 (including) | 5.1.3 (including) |
Mysql | Oracle | 5.1.10 (including) | 5.1.10 (including) |
Mysql | Oracle | 5.1.11 (including) | 5.1.11 (including) |
Mysql | Oracle | 5.1.12 (including) | 5.1.12 (including) |
Mysql | Oracle | 5.1.13 (including) | 5.1.13 (including) |
Mysql | Oracle | 5.1.14 (including) | 5.1.14 (including) |
Mysql | Oracle | 5.1.15 (including) | 5.1.15 (including) |
Mysql | Oracle | 5.1.16 (including) | 5.1.16 (including) |
Mysql | Oracle | 5.1.17 (including) | 5.1.17 (including) |
Mysql | Oracle | 5.1.18 (including) | 5.1.18 (including) |
Mysql | Oracle | 5.1.19 (including) | 5.1.19 (including) |
Mysql | Oracle | 5.1.20 (including) | 5.1.20 (including) |
Mysql | Oracle | 5.1.21 (including) | 5.1.21 (including) |
Mysql | Oracle | 5.1.22 (including) | 5.1.22 (including) |
Mysql | Oracle | 5.1.23-a (including) | 5.1.23-a (including) |
Mysql | Oracle | 5.1.24 (including) | 5.1.24 (including) |
Mysql | Oracle | 5.1.25 (including) | 5.1.25 (including) |
Mysql | Oracle | 5.1.26 (including) | 5.1.26 (including) |
Mysql | Oracle | 5.1.27 (including) | 5.1.27 (including) |
Mysql | Oracle | 5.1.28 (including) | 5.1.28 (including) |
Mysql | Oracle | 5.1.29 (including) | 5.1.29 (including) |
Mysql | Oracle | 5.1.30 (including) | 5.1.30 (including) |
Mysql | Oracle | 5.1.31-sp1 (including) | 5.1.31-sp1 (including) |
Mysql | Oracle | 6.0.0 (including) | 6.0.0 (including) |
Mysql | Oracle | 6.0.1 (including) | 6.0.1 (including) |
Mysql | Oracle | 6.0.2 (including) | 6.0.2 (including) |
Mysql | Oracle | 6.0.3 (including) | 6.0.3 (including) |
Mysql | Oracle | 6.0.4 (including) | 6.0.4 (including) |
Mysql-dfsg-5.0 | Ubuntu | gutsy | * |
Mysql-dfsg-5.0 | Ubuntu | upstream | * |
Mysql-dfsg-5.1 | Ubuntu | jaunty | * |
Mysql-dfsg-5.1 | Ubuntu | upstream | * |