CVE-2008-3963
published 2008-09-11CVE-2008-3963: MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string…
PriorityP423medium4CVSS 2.0
AVNACLAuSCNINAP
EXPLOIT
EPSS
6.46%
92.9th percentile
MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.
Affected
64 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
CVSS provenance
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
vendor_ubuntu4.6MEDIUM
vendor_redhat4.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2012-03-12
CVE-2007-5925 MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: Several security issues were fixed in MySQL.
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10,
Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to
MySQL 5.0.95.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2008-11-17·CVSS 4.6
CVE-2008-2079 [MEDIUM] MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: MySQL vulnerabilities
It was discovered that MySQL could be made to overwrite existing table
files in the data directory. An authenticated user could use the
DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege
checks. This update alters table creation behaviour by disallowing the
use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY
options. (CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098)
It was discovered that MySQL did not handle empty bit-string literals
properly. An attacker could exploit this problem and cause the MySQL
server to crash, leading to a denial of service. (CVE-2008-3963)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
MySQL: Using an empty binary value leads to server crash
vendor_redhat·2008-08-10·CVSS 4.0
CVE-2008-3963 [MEDIUM] MySQL: Using an empty binary value leads to server crash
MySQL: Using an empty binary value leads to server crash
MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.
Statement: This issue did not affect MySQL as supplied with Red Hat Enterprise Linux 3 or 4.
GHSA
GHSA-hp64-jg7m-f9mq: MySQL 5
ghsa_unreviewed·2022-05-02
CVE-2008-3963 [MEDIUM] CWE-134 GHSA-hp64-jg7m-f9mq: MySQL 5
MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.
No detection rules found.
Bugzilla
CVE-2008-3963 MySQL: Using an empty binary value leads to server crash
bugzilla·2008-12-17·CVSS 4.0
CVE-2008-3963 [MEDIUM] CVE-2008-3963 MySQL: Using an empty binary value leads to server crash
CVE-2008-3963 MySQL: Using an empty binary value leads to server crash
+++ This bug was initially created as a clone of Bug #462071 +++
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3963 to
the following vulnerability:
MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does
not properly handle a b'' (b single-quote single-quote) token, aka an
empty bit-string literal, which allows remote attackers to cause a
denial of service (daemon crash) by using this token in a SQL
statement.
References:
http://www.openwall.com/lists/oss-security/2008/09/09/4
http://www.openwall.com/lists/oss-security/2008/09/09/7
http://bugs.mysql.com/bug.php?id=35658
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html
http://dev.mysql.com/doc/refman/5.1/en/news
Bugzilla
CVE-2008-3963 MySQL: Using an empty binary value leads to server crash
bugzilla·2008-09-12·CVSS 4.0
CVE-2008-3963 [MEDIUM] CVE-2008-3963 MySQL: Using an empty binary value leads to server crash
CVE-2008-3963 MySQL: Using an empty binary value leads to server crash
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3963 to
the following vulnerability:
MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does
not properly handle a b'' (b single-quote single-quote) token, aka an
empty bit-string literal, which allows remote attackers to cause a
denial of service (daemon crash) by using this token in a SQL
statement.
References:
http://www.openwall.com/lists/oss-security/2008/09/09/4
http://www.openwall.com/lists/oss-security/2008/09/09/7
http://bugs.mysql.com/bug.php?id=35658
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.htm
http://bugs.mysql.com/bug.php?id=35658http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.htmlhttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.htmlhttp://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.htmlhttp://secunia.com/advisories/31769http://secunia.com/advisories/32759http://secunia.com/advisories/32769http://secunia.com/advisories/34907http://secunia.com/advisories/36566http://www.debian.org/security/2009/dsa-1783http://www.mandriva.com/security/advisories?name=MDVSA-2009:094http://www.openwall.com/lists/oss-security/2008/09/09/4http://www.openwall.com/lists/oss-security/2008/09/09/7http://www.redhat.com/support/errata/RHSA-2009-1067.htmlhttp://www.redhat.com/support/errata/RHSA-2009-1289.htmlhttp://www.securitytracker.com/id?1020858http://www.ubuntu.com/usn/USN-1397-1http://www.ubuntu.com/usn/USN-671-1http://www.vupen.com/english/advisories/2008/2554https://bugs.gentoo.org/237166https://exchange.xforce.ibmcloud.com/vulnerabilities/45042https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521http://bugs.mysql.com/bug.php?id=35658http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.htmlhttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.htmlhttp://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.htmlhttp://secunia.com/advisories/31769http://secunia.com/advisories/32759http://secunia.com/advisories/32769http://secunia.com/advisories/34907http://secunia.com/advisories/36566http://www.debian.org/security/2009/dsa-1783http://www.mandriva.com/security/advisories?name=MDVSA-2009:094http://www.openwall.com/lists/oss-security/2008/09/09/4http://www.openwall.com/lists/oss-security/2008/09/09/7http://www.redhat.com/support/errata/RHSA-2009-1067.htmlhttp://www.redhat.com/support/errata/RHSA-2009-1289.htmlhttp://www.securitytracker.com/id?1020858http://www.ubuntu.com/usn/USN-1397-1http://www.ubuntu.com/usn/USN-671-1http://www.vupen.com/english/advisories/2008/2554https://bugs.gentoo.org/237166https://exchange.xforce.ibmcloud.com/vulnerabilities/45042https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521
2008-09-11
Published