Oracle MySQL 5.7.x < 5.7.5 DoS

Medium Nessus Network Monitor Plugin ID 9939


The remote database server is vulnerable to a denial-of-service (DoS) attack.


The version of MySQL installed on the remote host is 5.7.x prior to 5.7.5. It is affected by a use-after-free error in the 'mysql_prune_stmt_list()' function in 'client.c' that may allow an authenticated attacker to dereference already freed memory and crash the database. (OSVDB 151210)


Upgrade to MySQL 5.7.5 or later.

Plugin Details

Severity: Medium

ID: 9939

File Name: 9939.prm

Family: Database

Published: 2017/02/07

Modified: 2017/02/07

Dependencies: 8914

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


CVSS v3

Base Score: 6.5

Temporal Score: 6.2


Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:mysql

Patch Publication Date: 2014/09/23

Vulnerability Publication Date: 2011/12/19

Reference Information

OSVDB: 151210