CVE-2008-3963

MySQL 5.0 < 5.0.66, 5.1 < 5.1.26, 6.0 < 6.0.6 - Denial of Service via Empty Bit-String Literal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3963. PoCs published by Kay Roepke.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service vulnerability in MySQL by sending a query with an empty binary string literal, causing the application to crash. The issue affects MySQL versions prior to 5.0.66, 5.1.26, and 6.0.6.

Description

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Kay Roepke · textdoslinux
https://www.exploit-db.com/exploits/32348

This exploit demonstrates a denial-of-service vulnerability in MySQL by sending a query with an empty binary string literal, causing the application to crash. The issue affects MySQL versions prior to 5.0.66, 5.1.26, and 6.0.6.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: MySQL versions prior to 5.0.66, 5.1.26, and 6.0.6
No auth needed
Prerequisites: Access to a MySQL server instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (23)

Core 23
Core References
Various Sources x_refsource_confirm
http://bugs.mysql.com/bug.php?id=35658
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
Various Sources x_refsource_confirm
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1397-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1067.html
Various Sources x_refsource_confirm
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/09/09/7
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2554
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-671-1
Issue Tracking x_refsource_confirm
https://bugs.gentoo.org/237166
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45042
Patch vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1783
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1289.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32769
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32759
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34907
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/09/09/4
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36566
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31769
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020858
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521

Scores

EPSS 0.0542
EPSS Percentile 90.2%

Details

CWE
CWE-134
Status published
Products (50)
mysql/mysql 5.0.0
mysql/mysql 5.0.1
mysql/mysql 5.0.2
mysql/mysql 5.0.3
mysql/mysql 5.0.4
mysql/mysql 5.0.5
mysql/mysql 5.0.5.0.21
mysql/mysql 5.0.10
mysql/mysql 5.0.15
mysql/mysql 5.0.16
... and 40 more
Published Sep 11, 2008
Tracked Since Feb 18, 2026