
CVE-2005-2572: MySQL User-Defined Functions Multiple Vulnerabilities (Doc ID 2896323.1)

Last updated on MARCH 01, 2024

Applies to:

MySQL Server - Version 8.0 and later
Information in this document applies to any platform.


User-defined functions in MySQL can allow a database user to cause binary libraries on the host to be loaded. The INSERT privilege on the table 'mysql.func' is required for a user to create user-defined functions. When running on Windows and possibly other operating systems, MySQL is potentially affected by the following vulnerabilities:

  - If an invalid library is requested, the Windows function 'LoadLibraryEx' will block processing until an error dialog box is acknowledged on the server.
  It is not likely that non-Windows systems are affected by this particular issue.

  - MySQL requires that user-defined libraries contain functions with names fitting the formats: 'XXX_deinit' or 'XXX_init'. However, other libraries are known to contain functions fitting these formats and, when called upon, can cause application crashes, memory corruption and stack pollution.
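
The following audit queries are an added example, not part of the Oracle document: they list the accounts that hold INSERT on 'mysql.func' at any grant scope and the user-defined functions currently registered. They assume the MySQL 8.0 grant-table layout and an administrative account, and they do not expand privileges granted through roles.

```sql
-- Added example (not from the Oracle note); assumes MySQL 8.0 grant tables.

-- 1. Accounts that can INSERT into mysql.func, by grant scope.
--    Privileges inherited through roles are not expanded here;
--    review SHOW GRANTS output for any roles in use.
SELECT 'global' AS scope, User, Host
  FROM mysql.user
 WHERE Insert_priv = 'Y'
UNION ALL
SELECT 'database', User, Host
  FROM mysql.db
 WHERE Insert_priv = 'Y'
   AND 'mysql' LIKE Db              -- Db may hold a wildcard pattern
UNION ALL
SELECT 'table', User, Host
  FROM mysql.tables_priv
 WHERE Db = 'mysql'
   AND Table_name = 'func'
   AND FIND_IN_SET('Insert', Table_priv) > 0
 ORDER BY scope, User, Host;

-- 2. UDFs registered through CREATE FUNCTION ... SONAME,
--    with the library file each one loads.
SELECT name, dl AS library, type
  FROM mysql.func
 ORDER BY dl, name;

-- 3. UDFs currently loaded in the running server, including any
--    registered by components rather than through mysql.func.
SELECT UDF_NAME, UDF_LIBRARY, UDF_TYPE, UDF_USAGE_COUNT
  FROM performance_schema.user_defined_functions
 ORDER BY UDF_LIBRARY, UDF_NAME;
```

Any account returned by the first query that does not administer the server, and any library in the second or third result set that is not expected, is worth reviewing.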


