Bug #16365 | Prepared Statements: DoS with too many open statements | ||
---|---|---|---|
Submitted: | 11 Jan 2006 10:25 | Modified: | 27 Apr 2006 12:48 |
Reporter: | Konstantin Osipov (OCA) | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Prepared statements | Severity: | S2 (Serious) |
Version: | 4.1 | OS: | Any (All) |
Assigned to: | Konstantin Osipov | CPU Architecture: | Any |
[11 Jan 2006 10:25]
Konstantin Osipov
[24 Mar 2006 15:38]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/4126
[7 Apr 2006 19:39]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/4658
[10 Apr 2006 9:52]
Konstantin Osipov
Pushed into 4.1.19 and merged into 5.0.21
[21 Apr 2006 17:53]
Trudy Pelzer
Fix merged into 5.1.10.
[27 Apr 2006 12:40]
Paul DuBois
Noted in 4.1.19, 5.0.21, 5.1.10 changelogs. <emphasis role="bold">Security enhancement</emphasis>: Added the global <literal>max_prepared_stmt_count</literal> system variable to limit the total number of prepared statements in the server. This limits the potential for denial-of-service attacks based on running the server out of memory by preparing huge numbers of statements. The current number of prepared statements is available through the <literal>prepared_stmt_count</literal> system variable. (Bug #16365) Also updated the list of system variables in the database administration chapter.