CVE-2009-0819

Name: CVE-2009-0819
Creator: NVD / NIST
Published: 2009-03-05T02:30:00.657+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 10.18%

Last modified Jun 16, 2026

CVE-2009-0819 is a vulnerability of currently unknown severity. sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.. EPSS estimates a 10.18% chance of exploitation in the next 30 days.

Description

sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.

Metrics

EPSS Probability

10.18%

95.1th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions	Update
Mysql	Mysql	<= 5.1.32-bzr	—
Mysql	Mysql	5.1.23	—
Mysql	Mysql	5.1.31	—
Mysql	Mysql	6.0.9	—
Mysql	Mysql	6.0.10-bzr	—
Oracle	Mysql	5.1	—
Oracle	Mysql	5.1.1	—
Oracle	Mysql	5.1.2	—
Oracle	Mysql	5.1.3	—
Oracle	Mysql	5.1.10	—
Oracle	Mysql	5.1.11	—
Oracle	Mysql	5.1.12	—
Oracle	Mysql	5.1.13	—
Oracle	Mysql	5.1.14	—
Oracle	Mysql	5.1.15	—
Oracle	Mysql	5.1.16	—
Oracle	Mysql	5.1.17	—
Oracle	Mysql	5.1.18	—
Oracle	Mysql	5.1.19	—
Oracle	Mysql	5.1.20	—
Oracle	Mysql	5.1.21	—
Oracle	Mysql	5.1.22	—
Oracle	Mysql	5.1.23	A
Oracle	Mysql	5.1.24	—
Oracle	Mysql	5.1.25	—
Oracle	Mysql	5.1.26	—
Oracle	Mysql	5.1.27	—
Oracle	Mysql	5.1.28	—
Oracle	Mysql	5.1.29	—
Oracle	Mysql	5.1.30	—
Oracle	Mysql	5.1.31	Sp1
Oracle	Mysql	6.0.0	—
Oracle	Mysql	6.0.1	—
Oracle	Mysql	6.0.2	—
Oracle	Mysql	6.0.3	—
Oracle	Mysql	6.0.4	—

References

http://bugs.mysql.com/bug.php?id=42495Patch, Vendor Advisory
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.htmlVendor Advisory
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html
http://secunia.com/advisories/34115Vendor Advisory
http://www.securityfocus.com/bid/33972Exploit
http://www.securitytracker.com/id?1021786
http://www.vupen.com/english/advisories/2009/0594Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7544
http://bugs.mysql.com/bug.php?id=42495Patch, Vendor Advisory
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.htmlVendor Advisory
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html
http://secunia.com/advisories/34115Vendor Advisory
http://www.securityfocus.com/bid/33972Exploit
http://www.securitytracker.com/id?1021786
http://www.vupen.com/english/advisories/2009/0594Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7544

Timeline

Published: Mar 5, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-0819?

How severe is CVE-2009-0819?

Severity scoring for CVE-2009-0819 is pending analysis. The EPSS model estimates a 10.18% probability of exploitation in the next 30 days.

How do I fix CVE-2009-0819?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-0819?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST