Unrated severityNVD Advisory· Published Mar 28, 2013· Updated Apr 29, 2026

CVE-2013-1861

Description

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.

Affected products

MariaDB/MariaDB
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Range: >=5.5.0,<5.5.32
Oracle Corporation/MySQL
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Range: >=5.1.0,<=5.1.69
Canonical/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
OpenSUSE/openSUSE3 versions
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
Red Hat/Enterprise Linux2 versions
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server2 versions
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
SUSE S.A./Linux Enterprise Software Development Kit
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/58511nvdExploitThird Party AdvisoryVDB Entry
lists.askmonty.org/pipermail/commits/2013-March/004371.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-updates/2013-08/msg00024.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-updates/2013-09/msg00008.htmlnvdMailing ListThird Party Advisory
seclists.org/oss-sec/2013/q1/671nvdMailing ListThird Party Advisory
security.gentoo.org/glsa/glsa-201409-04.xmlnvdThird Party Advisory
www.debian.org/security/2013/dsa-2818nvdThird Party Advisory
www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.htmlnvdThird Party Advisory
www.ubuntu.com/usn/USN-1909-1nvdThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/82895nvdThird Party AdvisoryVDB Entry
secunia.com/advisories/52639nvdNot Applicable
secunia.com/advisories/54300nvdNot Applicable
www.osvdb.org/91415nvdBroken Link
mariadb.atlassian.net/browse/MDEV-4252nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.017
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000