Vulnerability CVE-2018-3174: Information

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-3174
Published: Oct. 17, 2018
Modified: Dec. 7, 2022

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
MySQLsisyphus5.7.24-alt18.0.37-alt1.1ALT-PU-2018-2668-1216678Fixed
MySQLp105.7.24-alt18.0.36-alt1ALT-PU-2018-2668-1216678Fixed
MySQLp95.7.24-alt18.0.26-alt2ALT-PU-2018-2668-1216678Fixed
MySQLp85.7.24-alt15.7.28-alt1ALT-PU-2018-2828-1216685Fixed
MySQLc10f15.7.24-alt18.0.37-alt1ALT-PU-2018-2668-1216678Fixed
MySQLc9f25.7.24-alt18.0.36-alt0.c9.1ALT-PU-2018-2668-1216678Fixed
MySQLc75.7.24-alt0.M70C.15.7.24-alt0.M70C.1ALT-PU-2019-2206-1231498Fixed
MySQLp115.7.24-alt18.0.37-alt1.1ALT-PU-2018-2668-1216678Fixed
mariadbsisyphus10.3.11-alt110.11.8-alt1ALT-PU-2018-2720-1217038Fixed
mariadbp1010.3.11-alt110.6.18-alt1ALT-PU-2018-2720-1217038Fixed
mariadbp910.3.11-alt110.4.34-alt0.M90P.1ALT-PU-2018-2720-1217038Fixed
mariadbp810.1.37-alt110.1.48-alt1ALT-PU-2018-2781-1217040Fixed
mariadbc10f110.3.11-alt110.6.18-alt1ALT-PU-2018-2720-1217038Fixed
mariadbc9f210.3.11-alt110.6.18-alt1ALT-PU-2018-2720-1217038Fixed
mariadbc710.3.14-alt0.M70C.110.3.14-alt0.M70C.1ALT-PU-2019-1992-1231405Fixed
mariadbp1110.3.11-alt110.11.8-alt1ALT-PU-2018-2720-1217038Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
  • Patch
  • Vendor Advisory
1041888
  • Broken Link
  • Third Party Advisory
  • VDB Entry
105612
  • Third Party Advisory
  • VDB Entry
https://security.netapp.com/advisory/ntap-20181018-0002/
  • Third Party Advisory
USN-3799-1
  • Third Party Advisory
USN-3799-2
  • Third Party Advisory
[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update
  • Mailing List
  • Third Party Advisory
[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update
  • Mailing List
  • Third Party Advisory
DSA-4341
  • Third Party Advisory
RHSA-2018:3655
  • Third Party Advisory
RHSA-2019:1258
  • Third Party Advisory
GLSA-201908-24
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
      Start including
      5.7.0
      End including
      5.7.23
      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
      Start including
      8.0.0
      End including
      8.0.12
      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
      Start including
      5.5.0
      End including
      5.5.61
      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
      Start including
      5.6.0
      End including
      5.6.41

      Configuration 2

      cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
      cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
      cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
      cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
      Start including
      7.3
      cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
      Start including
      9.5

      Configuration 3

      cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

      Configuration 4

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

      Configuration 5

      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.0.0
      End excliding
      10.0.37
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.2.0
      End excliding
      10.2.19
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.3.0
      End excliding
      10.3.11
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      5.5.0
      End excliding
      5.5.62
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.1.0
      End excliding
      10.1.37
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top