Planet MySQL

Displaying posts with tag: Mitigation (reset)

Dec

2021

Follow-up on an Unprivileged User can Crash your MySQL Server

Posted by Jean-François Gagné on Wed 01 Dec 2021 01:17 UTC
Tags:

Replication, bug, vulnerability, parallel replication, MySQL, MySQL 5.7, crashing bug, Group Replication, MySQL 8.0, Mitigation

A year ago, I blogged about An Unprivileged User can Crash your MySQL Server.  At the time, I presented how to protect yourself against this problem without explaining how to generate a crash.  In this post, I am revisiting this vulnerability, not giving the exploit yet, but presenting the fix.  Also, because the default configuration of Group Replication in 5.7 is still vulnerable

Oct

2020

An Unprivileged User can crash your MySQL Server

Posted by Jean-François Gagné on Mon 19 Oct 2020 01:09 UTC
Tags:

bug, MySQL, MySQL 5.7, crashing bug, MySQL 8.0, Mitigation

Yes, your read the title correctly: an unprivileged user can crash your MySQL Server.  This applies for the default configuration of MySQL 8.0.21 (and it is probably the case for all MySQL 8 GA versions).  Depending on your configuration, it might also be the case for MySQL 5.7.  This needs malicious intent and a lot of determination, so no need to panic as this will not happen by

Top Authors

Oracle MySQL Blogs

Vendor Blogs

MySQL Links