MySQL Server – Database Creation Denial Of Service (CVE-2019-2537)

Product Description:

MySQL is the world’s most popular open source database. Whether you are a fast growing web property, technology ISV or large enterprise, MySQL can cost-effectively help you deliver high performance, scalable database applications.

Vulnerability Discussion:

If a user creates a database with a specific name, it can cause MySQL to fail upon restart. The only resolution is for the administrator to manually remove the database name in question; MySQL will not resume operation until that is done.

Vulnerable Version(s):

5.6.42 and prior
5.7.24 and prior
8.0.13 and prior
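
The following is an added example, not part of the RACK911 Labs advisory: a small triage script that sorts a fleet inventory of server version strings against the list above. It assumes each entry bounds only its own release series (5.6, 5.7, 8.0) and reports anything else, including forks such as MariaDB, as "unlisted"; the hostnames and inventory are constructed sample data.

```python
import re

# Last affected release per series, taken from the advisory's version list.
LAST_AFFECTED = {(5, 6): 42, (5, 7): 24, (8, 0): 13}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def classify(version_string):
    """Return 'affected', 'newer' or 'unlisted' for a server version string."""
    # Forks reuse MySQL-style numbers (e.g. "5.5.5-10.3.12-MariaDB");
    # the advisory does not list them, so do not guess.
    if "mariadb" in version_string.lower():
        return "unlisted"
    match = _VERSION_RE.search(version_string)
    if match is None:
        return "unlisted"
    major, minor, patch = (int(part) for part in match.groups())
    last_bad = LAST_AFFECTED.get((major, minor))
    if last_bad is None:
        return "unlisted"  # series not named in the advisory; check by hand
    # 'newer' means newer than the last release the advisory lists as vulnerable.
    return "affected" if patch <= last_bad else "newer"


def triage(inventory):
    """Map {host: version_string} to {status: [hosts]} for a fleet inventory."""
    report = {"affected": [], "newer": [], "unlisted": []}
    for host, version_string in sorted(inventory.items()):
        report[classify(version_string)].append(host)
    return report


# Constructed inventory: hostnames and version strings are sample data,
# in the shapes SELECT VERSION() and `mysqld --version` commonly return.
SAMPLE_INVENTORY = {
    "db-01": "5.7.24-log",
    "db-02": "5.7.25-0ubuntu0.18.04.2",
    "db-03": "8.0.13",
    "db-04": "5.6.43",
    "db-05": "5.5.5-10.3.12-MariaDB",
    "db-06": "mysqld  Ver 8.0.14 for Linux on x86_64 (MySQL Community Server - GPL)",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Hosts reported as "unlisted" need a manual check against the vendor advisory rather than being treated as safe.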

Vendor Contact Timeline:

2018-10-08: Vendor contacted via email.
2019-01-16: Vendor issues updates.
2019-01-20: RACK911 Labs issues security advisory.

About Us:

https://www.RACK911Labs.com

RACK911 Labs
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119

1-855-RACK911

Reference(s):

http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://nvd.nist.gov/vuln/detail/CVE-2019-2537