Critical MySQL Flaw Found | eWeek

Critical MySQL Flaw Found

Écrit par
Lisa Vaas
Lisa Vaas
Jul 22, 2005
1 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

A “highly critical” flaw has been reported in MySQL that can be exploited to cause a DoS (Denial of Service) or to execute arbitrary code on the open-source database, according to security alerts aggregator Secunia Inc.

The vulnerability lies in the fact that MySQL uses a vulnerable zlib library. Zlib is a data compression library used to support the compressed protocol and the COMPRESS/UNCOMPRESS functions under Windows.

The error occurs in “inftrees.c” when handling corrupted compressed data streams.

According to Secunias alert, the flaw can be exploited to crash any application that uses the zlib library. Alternatively, malicious users can execute arbitrary code with privileges of the vulnerable application.

While the flaw was reported in Version 1.2.2, earlier versions may also be at risk.

The flaw was originally reported by MySQL, along with the fix. It was discovered by Tavis Ormandy of the Gentoo Linux Security Audit Team.

The solution is to update to MySQL Version 4.1.13. According to a spokesperson for MySQL, the flaw has not been exploited, to the knowledge of MySQL.

To be on the safe side, MySQL recommends people should always upgrade and apply patches as good practice.

Check out eWEEK.coms for the latest database news, reviews and analysis.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.