MySQL Server – Database Creation Denial Of Service (CVE-2019-2537)
MySQL is the world’s most popular open source database. Whether you are a fast growing web property, technology ISV or large enterprise, MySQL can cost-effectively help you deliver high performance, scalable database applications.
If a user creates a specific database name it can cause MySQL to fail upon a restart. The only resolution is for the administrator to manually remove the database name in question before MySQL will be allowed to resume operation.
5.6.42 and prior
5.7.24 and prior
8.0.13 and prior
Vendor Contact Timeline:
2018-10-08: Vendor contacted via email.
2019-01-16: Vendor issues updates.
2019-01-20: RACK911 Labs issues security advisory.
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119