CVE-2005-2572: MySQL User-Defined Functions Multiple Vulnerabilities
(Doc ID 2896323.1)
Last updated on MARCH 01, 2024
Applies to:
MySQL Server - Version 8.0 and later
Information in this document applies to any platform.
Goal
User-defined functions in MySQL can allow a database user to cause binary libraries on the host to be loaded. The INSERT privilege on the table 'mysql.func' is required for a user to create user-defined functions. When running on Windows and possibly other operating systems, MySQL is potentially affected by the following vulnerabilities:
- If an invalid library is requested, the Windows function 'LoadLibraryEx' will block processing until an error dialog box is acknowledged on the server.
  It is not likely that non-Windows systems are affected by this particular issue.
- MySQL requires that user-defined libraries contain functions with names fitting the formats: 'XXX_deinit' or 'XXX_init'. However, other libraries are known to contain functions fitting these formats and, when called upon, can cause application crashes, memory corruption and stack pollution.
CVE-2005-2572
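As an added example (not part of the Oracle document), the following queries audit the exposure described above: which user-defined functions are registered and which accounts hold INSERT on 'mysql.func'. They assume a MySQL 8.0 server and an account that can read the mysql system schema; privileges granted through roles are not resolved.

```sql
-- Added audit example, not from the Oracle document.

-- 1. Registered UDFs and the shared library each one loads.
--    Review any entry whose library (dl) is not one you deployed.
SELECT name, dl, type
  FROM mysql.func
 ORDER BY dl, name;

-- 2. Accounts able to INSERT into mysql.func, at each grant scope.
SELECT 'global' AS scope, User, Host
  FROM mysql.user
 WHERE Insert_priv = 'Y'
UNION ALL
-- Schema-level grants; Db may hold a wildcard pattern, so match with LIKE.
SELECT 'schema', User, Host
  FROM mysql.db
 WHERE Insert_priv = 'Y'
   AND 'mysql' LIKE Db
UNION ALL
-- Table-level grants on mysql.func itself (Table_priv is a SET column).
SELECT 'table', User, Host
  FROM mysql.tables_priv
 WHERE Db = 'mysql'
   AND Table_name = 'func'
   AND FIND_IN_SET('Insert', Table_priv) > 0
 ORDER BY scope, User, Host;

-- 3. Directory the server loads UDF libraries from; check its contents
--    and file-system permissions on the host.
SELECT @@plugin_dir;
```

Any account returned by the second query that does not need to manage user-defined functions is a candidate for having that privilege revoked.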
Solution