MySQL 6.0.4 - Empty Binary String Literal Remote Denial of Service

EDB-ID:

32348


Author:

Kay Roepke

Type:

dos


Platform:

Linux

Date:

2008-03-28


source: https://www.securityfocus.com/bid/31081/info

MySQL is prone to a remote denial-of-service vulnerability because it fails to handle empty binary string literals.

An attacker can exploit this issue to crash the application, denying access to legitimate users.

This issue affects versions prior to MySQL 5.0.66, 5.1.26, and 6.0.6. 

The following proof-of-concept query is available:

select b'';