[] NeoSense
E X P L O I T S
title author type platform port cve id

MySQL 6.0.4 - Empty Binary String Literal Remote Denial of Service

Author: Kay Roepke
type: dos
platform: linux
port: 
date_added: 2008-03-28 
date_updated: 2014-03-19 
verified: 1 
codes: CVE-2008-3963;OSVDB-48021 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/31081/info

MySQL is prone to a remote denial-of-service vulnerability because it fails to handle empty binary string literals.

An attacker can exploit this issue to crash the application, denying access to legitimate users.

This issue affects versions prior to MySQL 5.0.66, 5.1.26, and 6.0.6.

The following proof-of-concept query is available:

select b'';
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.