HaBangNet Corp


News: MySQL Server - Database Creation Denial of Service (CVE-2019-2537)

Published: 21/01/2019 Back

           Product: MySQL
                OS: Multiple
               URL: https://www.mysql.com/
              Type: DoS
Vulnerable Version: 5.6.42 and prior
Vulnerable Version: 5.7.24 and prior
Vulnerable Version: 8.0.13 and prior
        CVE Number: CVE-2019-2537
            Impact: Medium
              Date: 2019-01-20
          Found By: RACK911 Labs

Product Description:

MySQL is the world's most popular open source database. Whether you are a fast growing web property, technology ISV or large enterprise, MySQL can cost-effectively help you deliver high performance, scalable database applications.

Vulnerability Description:

If a user creates a specific database name it can cause MySQL to fail upon a restart. The only resolution is for the administrator to manually remove the database name in question before MySQL will be allowed to resume operation.

Vendor Contact Timeline:

2018-10-08: Vendor contacted via email.
2019-01-16: Vendor issues updates.
2019-01-20: RACK911 Labs issues security advisory.





It is always advise to upgrade to the latest version for security and performance. If you're using our managing service, you do not need to worry, as we will take care of the issue when issue found.

Powered by HostBill