Steffen Joeris
2008-Sep-09 12:45 UTC
[Secure-testing-team] Bug#498362: mysql-common: DoS via empty bit-string literal (b'')
Package: mysql-common
Version: 5.0.51a-12
Severity: grave
Tags: security, patch
Justification: user security hole

Hi

MySQL upstream changelog says:

  An empty bit-string literal (b'') caused a server crash. Now the value is parsed as an empty bit value (which is treated as an empty string in string context or 0 in numeric context). (Bug#35658)

You'll find more information and a patch at the MySQL upstream bug report[0].

A CVE id has been requested and I'll forward it, once it got issued.

Cheers
Steffen

[0]: http://bugs.mysql.com/bug.php?id=35658