MySQL Bounded Parameter Statement Execution Remote Buffer Overflow Vulnerability

MySQL is reported to be susceptible to a buffer overflow vulnerability. The issue arises because the application fails to ensure that a buffer is large enough to hold user-supplied input data before performing operations that may overflow into adjacent memory regions.

This vulnerability reportedly allows remote attackers to crash affected servers. Remote code execution in the context of the affected server is unconfirmed but may be possible. Doing so would likely require a complex exploit that takes advantage of overwriting memory contents with NULL bytes. Attackers may be able to use the structured, predictable nature of the memory operations to control the flow of execution of the application.

MySQL versions 4.1.3-beta and 4.1.4 are reported vulnerable, but other versions are also likely affected.


 

Copyright 2010, SecurityFocus