Vulnerability CVE-2018-3282: Information

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-3282
Published: Oct. 17, 2018
Modified: Nov. 8, 2022

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
MySQLsisyphus5.7.24-alt18.0.36-alt1ALT-PU-2018-2668-1216678Fixed
MySQLp105.7.24-alt18.0.36-alt1ALT-PU-2018-2668-1216678Fixed
MySQLp95.7.24-alt18.0.26-alt2ALT-PU-2018-2668-1216678Fixed
MySQLp85.7.24-alt15.7.28-alt1ALT-PU-2018-2828-1216685Fixed
MySQLc10f15.7.24-alt18.0.36-alt1ALT-PU-2018-2668-1216678Fixed
MySQLc9f25.7.24-alt18.0.36-alt0.c9.1ALT-PU-2018-2668-1216678Fixed
MySQLc75.7.24-alt0.M70C.15.7.24-alt0.M70C.1ALT-PU-2019-2206-1231498Fixed
mariadbsisyphus10.3.11-alt110.11.7-alt2.1ALT-PU-2018-2720-1217038Fixed
mariadbp1010.3.11-alt110.6.17-alt3ALT-PU-2018-2720-1217038Fixed
mariadbp910.3.11-alt110.4.32-alt0.M90P.1ALT-PU-2018-2720-1217038Fixed
mariadbp810.1.37-alt110.1.48-alt1ALT-PU-2018-2781-1217040Fixed
mariadbc10f110.3.11-alt110.6.17-alt1ALT-PU-2018-2720-1217038Fixed
mariadbc9f210.3.11-alt110.6.15-alt1ALT-PU-2018-2720-1217038Fixed
mariadbc710.3.14-alt0.M70C.110.3.14-alt0.M70C.1ALT-PU-2019-1992-1231405Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
  • Patch
  • Vendor Advisory
1041888
  • Broken Link
  • Third Party Advisory
  • VDB Entry
105610
  • Third Party Advisory
  • VDB Entry
https://security.netapp.com/advisory/ntap-20181018-0002/
  • Third Party Advisory
USN-3799-1
  • Third Party Advisory
USN-3799-2
  • Third Party Advisory
[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update
  • Mailing List
  • Third Party Advisory
[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update
  • Mailing List
  • Third Party Advisory
DSA-4341
  • Third Party Advisory
RHSA-2018:3655
  • Third Party Advisory
RHSA-2019:1258
  • Third Party Advisory
RHSA-2019:2327
  • Third Party Advisory
GLSA-201908-24
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
      Start including
      5.7.0
      End including
      5.7.23
      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
      Start including
      8.0.0
      End including
      8.0.12
      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
      Start including
      5.5.0
      End including
      5.5.61
      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
      Start including
      5.6.0
      End including
      5.6.41

      Configuration 2

      cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
      cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
      cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
      cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
      Start including
      7.3
      cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
      Start including
      9.5

      Configuration 3

      cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

      Configuration 4

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

      Configuration 5

      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.0.0
      End excliding
      10.0.37
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.2.0
      End excliding
      10.2.19
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.3.0
      End excliding
      10.3.11
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      5.5.0
      End excliding
      5.5.62
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.1.0
      End excliding
      10.1.37

      Configuration 6

      cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top