MySQL :: Re: x86 ODBC Connector vulnerability

New Topic

Re: x86 ODBC Connector vulnerability

Posted by: Bogdan Degtyariov
Date: August 13, 2024 06:36PM

Hi Paul,

Thank you for the detailed description of the problem.
Starting from the version 8.0.35 the Connector/ODBC 8.0.X is a special case where the ODBC driver is built only for Windows 32-bit platform. These versions of Connector/ODBC 8.0 do not have the new features introduced in 8.4/9.0/9.1. However, they contain all critical updates and security patches. This includes ODBC Driver 8.0.37.

The ODBC Driver 8.0.37 is using MySQL client library 8.0.37 for the network protocol communication with MySQL Server and therefore CVE-2023-6129 has to be assessed from this point of view.

As mentioned on this page:
https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixMSQL

CVE-2023-6129 affects MySQL Server 8.0.36 and prior, 8.3.0 and prior.

Since 8.0.37 MySQL Server is not affected, the MySQL Connector/ODBC 8.0.37 is not affected as well.
I hope this answers your question.

Navigate: Previous Message• Next Message

Options: Reply• Quote

Subject

Written By

Posted

x86 ODBC Connector vulnerability

Paul Haynes

August 13, 2024 07:14AM

Re: x86 ODBC Connector vulnerability

Bogdan Degtyariov

August 13, 2024 06:36PM

Re: x86 ODBC Connector vulnerability

Jarod Burris

August 27, 2024 02:32PM

Re: x86 ODBC Connector vulnerability

Peter Leong

October 03, 2024 08:28PM

Re: x86 ODBC Connector vulnerability

Bogdan Degtyariov

October 03, 2024 11:00PM

Re: x86 ODBC Connector vulnerability

Peter Leong

October 05, 2024 11:41PM

Sorry, only registered users may post in this forum.

Click here to login

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.