CVE-2008-3963

Name: CVE-2008-3963
Creator: NVD / NIST
Published: 2008-09-11T01:13:47.617+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 6.46%

Last modified Jun 16, 2026

CVE-2008-3963 is a vulnerability of currently unknown severity. MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.. EPSS estimates a 6.46% chance of exploitation in the next 30 days.

Description

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

Metrics

EPSS Probability

6.46%

92.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-134

Affected Software

Vendor	Product	Versions	Update
Mysql	Mysql	5.0.0	—
Mysql	Mysql	5.0.1	—
Mysql	Mysql	5.0.2	—
Mysql	Mysql	5.0.3	—
Mysql	Mysql	5.0.4	—
Mysql	Mysql	5.0.5	—
Mysql	Mysql	5.0.5.0.21	—
Mysql	Mysql	5.0.10	—
Mysql	Mysql	5.0.15	—
Mysql	Mysql	5.0.16	—
Mysql	Mysql	5.0.17	—
Mysql	Mysql	5.0.20	—
Mysql	Mysql	5.0.22.1.0.1	—
Mysql	Mysql	5.0.24	—
Mysql	Mysql	5.0.30	—
Mysql	Mysql	5.0.36	—
Mysql	Mysql	5.0.44	—
Mysql	Mysql	5.0.54	—
Mysql	Mysql	5.0.56	—
Mysql	Mysql	5.0.60	—
Mysql	Mysql	5.1.5	—
Mysql	Mysql	5.1.23	—
Oracle	Mysql	5.0.0	Alpha
Oracle	Mysql	5.0.6	—
Oracle	Mysql	5.0.23	—
Oracle	Mysql	5.0.25	—
Oracle	Mysql	5.0.26	—
Oracle	Mysql	5.0.30	Sp1
Oracle	Mysql	5.0.32	—
Oracle	Mysql	5.0.33	—
Oracle	Mysql	5.0.38	—
Oracle	Mysql	5.0.41	—
Oracle	Mysql	5.0.42	—
Oracle	Mysql	5.0.45	—
Oracle	Mysql	5.0.50	—
Oracle	Mysql	5.0.51	—
Oracle	Mysql	5.0.52	—
Oracle	Mysql	5.1	—
Oracle	Mysql	5.1.1	—
Oracle	Mysql	5.1.2	—
Oracle	Mysql	5.1.3	—
Oracle	Mysql	5.1.4	—
Oracle	Mysql	5.1.6	—
Oracle	Mysql	5.1.7	—
Oracle	Mysql	5.1.8	—
Oracle	Mysql	5.1.9	—
Oracle	Mysql	5.1.10	—
Oracle	Mysql	5.1.11	—
Oracle	Mysql	5.1.12	—
Oracle	Mysql	5.1.13	—

Showing 50 of 64 affected configurations. See NVD for the full list.

References

Timeline

Published: Sep 11, 2008
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2008-3963?

How severe is CVE-2008-3963?

Severity scoring for CVE-2008-3963 is pending analysis. The EPSS model estimates a 6.46% probability of exploitation in the next 30 days.

How do I fix CVE-2008-3963?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2008-3963?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST