CVE-2005-2572: MySQL User-Defined Functions Multiple Vulnerabilities (Doc ID 2896323.1)

Last updated on MARCH 01, 2024

Applies to:

MySQL Server - Version 8.0 and later
Information in this document applies to any platform.

Goal

User-defined functions in MySQL can allow a database user to cause binary libraries on the host to be loaded. The INSERT privilege on the table 'mysql.func' is required for a user to create user-defined functions. When running on Windows and possibly other operating systems, MySQL is potentially affected by the following vulnerabilities:

  - If an invalid library is requested, the Windows function 'LoadLibraryEx' will block processing until an error dialog box is acknowledged on the server.
  It is not likely that non-Windows systems are affected by this particular issue.

  - MySQL requires that user-defined libraries contain functions with names fitting the formats: 'XXX_deinit' or 'XXX_init'. However, other libraries are known to contain functions fitting these formats and, when called upon, can cause application crashes, memory corruption and stack pollution.


CVE-2005-2572
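
Because creating a user-defined function depends on the INSERT privilege on 'mysql.func', a useful check is to list which accounts hold that privilege and which functions are already registered. The queries below are an added example, not part of the Oracle note; they assume the MySQL 8.0 grant tables and a session that is allowed to read the 'mysql' and 'performance_schema' schemas.

```sql
-- Added example (not from the Oracle note): audit who can register UDFs.
-- Assumption: MySQL 8.0 grant-table layout. Only static grants are read;
-- partial revokes are not evaluated.

-- 1. Accounts and roles whose grants include INSERT on mysql.func,
--    at global, schema, or table scope.
SELECT User, Host, 'global (*.*)' AS scope
  FROM mysql.user
 WHERE Insert_priv = 'Y'
UNION ALL
SELECT User, Host, CONCAT('schema (', Db, '.*)')
  FROM mysql.db
 WHERE Insert_priv = 'Y'
   AND 'mysql' LIKE Db              -- Db may hold a wildcard pattern such as '%'
UNION ALL
SELECT User, Host, 'table (mysql.func)'
  FROM mysql.tables_priv
 WHERE Db = 'mysql'
   AND Table_name = 'func'
   AND FIND_IN_SET('Insert', Table_priv) > 0
 ORDER BY scope, User, Host;

-- 2. Roles are rows in the same grant tables. Map any role reported
--    above to the accounts it has been granted to.
SELECT FROM_USER AS role_name, FROM_HOST AS role_host,
       TO_USER   AS grantee,   TO_HOST   AS grantee_host
  FROM mysql.role_edges
 ORDER BY role_name, grantee;

-- 3. Functions registered with CREATE FUNCTION and the library each names.
SELECT name, dl, type
  FROM mysql.func
 ORDER BY name;

-- 4. All loadable functions the running server knows about, including
--    those registered by components or plugins.
SELECT UDF_NAME, UDF_LIBRARY, UDF_TYPE, UDF_USAGE_COUNT
  FROM performance_schema.user_defined_functions
 ORDER BY UDF_NAME;

-- 5. Directory from which the server loads UDF libraries.
SELECT @@plugin_dir AS plugin_dir;
```

Any account in the first result set that does not need to register functions is a candidate for having the privilege revoked, and any library named in the third or fourth result set should be one the administrator recognises as installed in the plugin directory.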
 

Solution
