CVE-2006-7232

sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.

Published: Dec 31, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-7232
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:N/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
mysql / mysql	5.0	5.0.32
mysql / mysql	5.1	5.1.14
canonical / ubuntu_linux	6.06	6.06.x
canonical / ubuntu_linux	7.04	7.04.x
canonical / ubuntu_linux	7.10	7.10.x
canonical / ubuntu_linux	6.10	6.10.x

http://bugs.mysql.com/bug.php?id=22413
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-32.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-14.html
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://secunia.com/advisories/29443
http://secunia.com/advisories/30351
http://secunia.com/advisories/31687
http://www.redhat.com/support/errata/RHSA-2008-0364.html
http://www.securityfocus.com/bid/28351
http://www.ubuntu.com/usn/usn-588-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11720

Vulnerability Database

289,599

CVE-2006-7232