CVE-2018-2781

MEDIUM

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

References

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.securityfocus.com/bid/103825

http://www.securitytracker.com/id/1040698

https://access.redhat.com/errata/RHSA-2018:1254

https://access.redhat.com/errata/RHSA-2018:2439

https://access.redhat.com/errata/RHSA-2018:2729

https://access.redhat.com/errata/RHSA-2018:3655

https://access.redhat.com/errata/RHSA-2019:1258

https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html

https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html

https://security.gentoo.org/glsa/201908-24

https://security.netapp.com/advisory/ntap-20180419-0002/

https://usn.ubuntu.com/3629-1/

https://usn.ubuntu.com/3629-2/

https://usn.ubuntu.com/3629-3/

https://www.debian.org/security/2018/dsa-4176

https://www.debian.org/security/2018/dsa-4341

Details

Source: MITRE

Published: 2018-04-19

Updated: 2019-05-21

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.5.0 to 5.5.59 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.6.0 to 5.6.39 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.7.0 to 5.7.21 (inclusive)

ID	Name	Product	Family	Severity
127973	GLSA-201908-24 : MariaDB, MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
127203	NewStart CGSL CORE 5.04 / MAIN 5.04 : mariadb Multiple Vulnerabilities (NS-SA-2019-0034)	Nessus	NewStart CGSL Local Security Checks	high
124994	EulerOS Virtualization for ARM 64 3.0.1.0 : mariadb (EulerOS-SA-2019-1541)	Nessus	Huawei Local Security Checks	medium
700626	MySQL 5.7.x < 5.7.22 Multiple Vulnerabilities (April 2018 CPU)	Nessus Network Monitor	Database	medium
700621	MySQL 5.6.x < 5.6.40 Multiple Vulnerabilities (April 2018 CPU)	Nessus Network Monitor	Database	medium
700615	MySQL 5.5.x < 5.5.60 Multiple Vulnerabilities (April 2018 CPU)	Nessus Network Monitor	Database	medium
123187	openSUSE Security Update : mariadb (openSUSE-2019-427)	Nessus	SuSE Local Security Checks	medium
121940	Photon OS 2.0: Mysql PHSA-2018-2.0-0040	Nessus	PhotonOS Local Security Checks	high
120297	Fedora 28 : 3:mariadb (2018-2513b888a4)	Nessus	Fedora Local Security Checks	medium
120201	Fedora 28 : community-mysql (2018-00e90783d2)	Nessus	Fedora Local Security Checks	medium
119040	Debian DSA-4341-1 : mariadb-10.1 - security update	Nessus	Debian Local Security Checks	high
118434	EulerOS Virtualization 2.5.0 : mariadb (EulerOS-SA-2018-1346)	Nessus	Huawei Local Security Checks	medium
118425	EulerOS Virtualization 2.5.1 : mariadb (EulerOS-SA-2018-1337)	Nessus	Huawei Local Security Checks	medium
118270	SUSE SLES12 Security Update : mariadb (SUSE-SU-2018:1781-2)	Nessus	SuSE Local Security Checks	medium
117746	EulerOS 2.0 SP3 : mariadb (EulerOS-SA-2018-1303)	Nessus	Huawei Local Security Checks	medium
117745	EulerOS 2.0 SP2 : mariadb (EulerOS-SA-2018-1302)	Nessus	Huawei Local Security Checks	high
117592	Amazon Linux 2 : mariadb (ALAS-2018-1078)	Nessus	Amazon Linux Local Security Checks	high
112020	CentOS 7 : mariadb (CESA-2018:2439)	Nessus	CentOS Local Security Checks	high
111806	Scientific Linux Security Update : mariadb on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
111802	RHEL 7 : mariadb (RHSA-2018:2439)	Nessus	Red Hat Local Security Checks	high
111800	Oracle Linux 7 : mariadb (ELSA-2018-2439)	Nessus	Oracle Linux Local Security Checks	high
111299	Photon OS 2.0 : mysql (PhotonOS-PHSA-2018-2.0-0040) (deprecated)	Nessus	PhotonOS Local Security Checks	high
110816	Debian DLA-1407-1 : mariadb-10.0 security update	Nessus	Debian Local Security Checks	high
110682	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2018:1781-1)	Nessus	SuSE Local Security Checks	medium
110679	openSUSE Security Update : mariadb (openSUSE-2018-668)	Nessus	SuSE Local Security Checks	medium
110668	Fedora 27 : 3:mariadb (2018-86026275ea)	Nessus	Fedora Local Security Checks	medium
110408	openSUSE Security Update : mariadb (openSUSE-2018-572)	Nessus	SuSE Local Security Checks	medium
110202	Amazon Linux AMI : mysql55 (ALAS-2018-1028)	Nessus	Amazon Linux Local Security Checks	medium
110201	Amazon Linux AMI : mysql56 (ALAS-2018-1027)	Nessus	Amazon Linux Local Security Checks	medium
110200	Amazon Linux AMI : mysql57 (ALAS-2018-1026)	Nessus	Amazon Linux Local Security Checks	medium
110089	SUSE SLES12 Security Update : mariadb (SUSE-SU-2018:1382-1)	Nessus	SuSE Local Security Checks	medium
109973	Fedora 26 : 3:mariadb (2018-d955395c08)	Nessus	Fedora Local Security Checks	medium
109938	SUSE SLES11 Security Update : mysql (SUSE-SU-2018:1333-1)	Nessus	SuSE Local Security Checks	medium
109685	Slackware 14.1 / 14.2 : mariadb (SSA:2018-130-01)	Nessus	Slackware Local Security Checks	medium
109563	Fedora 26 : community-mysql (2018-8b920c2b00)	Nessus	Fedora Local Security Checks	medium
109561	Fedora 27 : community-mysql (2018-7025a5c25d)	Nessus	Fedora Local Security Checks	medium
109467	Ubuntu 18.04 LTS : mysql-5.7 vulnerabilities (USN-3629-3)	Nessus	Ubuntu Local Security Checks	medium
109424	openSUSE Security Update : mysql-community-server (openSUSE-2018-405)	Nessus	SuSE Local Security Checks	medium
109311	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3629-1)	Nessus	Ubuntu Local Security Checks	medium
109228	FreeBSD : MySQL -- multiple vulnerabilities (57aec168-453e-11e8-8777-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	medium
109218	Debian DSA-4176-1 : mysql-5.5 - security update	Nessus	Debian Local Security Checks	medium
109187	Debian DLA-1355-1 : mysql-5.5 security update	Nessus	Debian Local Security Checks	medium
109171	MySQL 5.7.x < 5.7.22 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)	Nessus	Databases	medium
109170	MySQL 5.7.x < 5.7.22 Multiple Vulnerabilities (April 2018 CPU)	Nessus	Databases	medium
109169	MySQL 5.6.x < 5.6.40 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)	Nessus	Databases	medium
109168	MySQL 5.6.x < 5.6.40 Multiple Vulnerabilities (April 2018 CPU)	Nessus	Databases	medium
109167	MySQL 5.5.x < 5.5.60 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)	Nessus	Databases	medium
109166	MySQL 5.5.x < 5.5.60 Multiple Vulnerabilities (April 2018 CPU)	Nessus	Databases	medium