MySQL Server – Database Creation Denial Of Service (CVE-2019-2537)

Product Description:

MySQL is the world’s most popular open source database. Whether you are a fast growing web property, technology ISV or large enterprise, MySQL can cost-effectively help you deliver high performance, scalable database applications.

Vulnerability Discussion:

If a user creates a specific database name it can cause MySQL to fail upon a restart. The only resolution is for the administrator to manually remove the database name in question before MySQL will be allowed to resume operation.

Vulnerable Version(s):

5.6.42 and prior
5.7.24 and prior
8.0.13 and prior

Vendor Contact Timeline:

2018-10-08: Vendor contacted via email.
2019-01-16: Vendor issues updates.
2019-01-20: RACK911 Labs issues security advisory.

About Us:

RACK911 Labs
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119