CVE-2008-3963

Publication date 11 September 2008

Last updated 24 July 2024

Ubuntu priority

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mysql-dfsg-5.0	8.10 intrepid	Not affected
	8.04 LTS hardy	Fixed 5.0.51a-3ubuntu5.4
	7.10 gutsy	Fixed 5.0.45-1ubuntu3.4
	7.04 feisty	Ignored end of life, was needed
	6.06 LTS dapper	Fixed 5.0.22-0ubuntu6.06.11

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
mysql-dfsg-5.0	Other: http://bugs.mysql.com/bug.php?id=35658

References

Related Ubuntu Security Notices (USN)

USN-671-1
MySQL vulnerabilities
17 November 2008

USN-1397-1
MySQL vulnerabilities
12 March 2012

Other references

https://www.cve.org/CVERecord?id=CVE-2008-3963