oss-security - CVE request: MySQL empty bit-string literal server crash

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Date: Tue, 9 Sep 2008 14:18:40 +0200
From: Robert Buchholz <rbu@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: MySQL empty bit-string literal server crash

Hi,

we consider the following bug a security issue. I'm not sure whether 
MySQL upstream feels so as well. Quoting the ChangeLog:

  An empty bit-string literal (b'') caused a server crash. Now the value  
  is parsed as an empty bit value (which is treated as an empty string
  in string context or 0 in numeric context). (Bug#35658)

Bug:
  http://bugs.mysql.com/bug.php?id=35658

ChangeLogs:
* 5.0.66
  http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html
* 5.1.26
  http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html
* 6.0.6
  http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html

Gentoo handles this as bug 237166 [ https://bugs.gentoo.org/237166 ].

Thanks,
Robert

Download attachment "signature.asc " of type "application/pgp-signature" (836 bytes)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.