Product: MySQL
OS: Multiple
URL: https://www.mysql.com/
Type: DoS
Vulnerable Version: 5.6.42 and prior
Vulnerable Version: 5.7.24 and prior
Vulnerable Version: 8.0.13 and prior
CVE Number: CVE-2019-2537
Impact: Medium
Date: 2019-01-20
Found By: RACK911 Labs
============================================================
Product Description:
-------------------
MySQL is the world's most popular open source database. Whether you are a fast growing web property, technology ISV or large enterprise, MySQL can cost-effectively help you deliver high performance, scalable database applications.
Vulnerability Description:
-------------------------
If a user creates a specific database name it can cause MySQL to fail upon a restart. The only resolution is for the administrator to manually remove the database name in question before MySQL will be allowed to resume operation.
Vendor Contact Timeline:
-----------------------
2018-10-08: Vendor contacted via email.
2019-01-16: Vendor issues updates.
2019-01-20: RACK911 Labs issues security advisory.
Reference(s):
------------
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://nvd.nist.gov/vuln/detail/CVE-2019-2537
It is always advise to upgrade to the latest version for security and performance. If you're using our managing service, you do not need to worry, as we will take care of the issue when issue found.