[debian-mysql] Bug#706715: mysql-server: CVE-2013-1861: Denial of service via a crafted geometry feature

Simon Frankenberger simon at wf-hosting.de
Tue May 14 10:18:24 UTC 2013


Issue can not be reproduced using latest mysql-server-5.1 on Squeeze:

>Server version: 5.1.66-0+squeeze1 (Debian)
>
>Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights 
> reserved.
>
>Oracle is a registered trademark of Oracle Corporation and/or its
>affiliates. Other names may be trademarks of their respective
>owners.
>
>Type 'help;' or '\h' for help. Type '\c' to clear the current input 
> statement.
>
>mysql> select astext(0x0100000000030000000100000000000010);
>>ERROR 5 (HY000): Out of memory (Needed 4026531856 bytes)
>mysql> SELECT 1;
>>+---+
>>| 1 |
>>+---+
>>| 1 |
>>+---+
>>1 row in set (0.00 sec)

Regards,
Simon



More information about the pkg-mysql-maint mailing list