FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mysql -- empty bit-string literal denial of service

Affected packages
5.0 <= mysql-server < 5.0.66
5.1 <= mysql-server < 5.1.26
6.0 <= mysql-server < 6.0.6

Details

VuXML ID: 66a770b4-e008-11dd-a765-0030843d3802
Discovery: 2008-09-11
Entry: 2009-01-11

MySQL reports:

The vulnerability is caused due to an error when processing an empty bit-string literal and can be exploited to crash the server via a specially crafted SQL statement.

References

CVE Name: CVE-2008-3963
URL: http://bugs.mysql.com/bug.php?id=35658
URL: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html
URL: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html
URL: http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html
URL: http://secunia.com/advisories/31769