Timeline :

Public release of the vulnerabilities the 2012-03-21
Details of the vulnerability published by Oracle the 2012-04-10
PoC provided by Oracle the 2012-03-21 in the source code of 5.5.22 and 5.1.62

PoC provided by :


Reference(s) :

MySQL 5.5.22 release note
MySQL 5.1.62 release note
Eric Romang Pastebin

Affected version(s) :

MySQL Server 5.5.21 and previous versions
MySQL Server 5.1.61 and previous versions

Tested on Centos 5 with :

MySQL 5.5.21

Description :

Oracle has release, the 21 March, two new versions of MySQL, version 5.5.22 and 5.1.62. These versions have fix two bugs #13510739 and #63775 how are considered as security fixes. But no impact details of these bugs are provided and the bugs report are closed.
Unfortunately for Oracle the two new versions were shipped with a development script “mysql-test/suite/innodb/t/innodb_bug13510739.test” in order to test the fix of the vulnerabilities, a PoC provided by Oracle. The bugs cause a denial of service of MySQL “ON HANDLER READ NEXT AFTER DELETE RECORD“. All the details are available in the script or on the upper Pastebin link.

Commands :

mysql -u root -p database < innodb_bug13510739.test