CVE-2013-6394 — Inadequate Encryption Strength in Xtrabackup

CWE-310 CWE-326 — Inadequate Encryption Strength6 documents3 sources

Severity

5.9MEDIUMNVD

NVD2.1OSV2.1

EPSS

0.1%

top 81.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Percona Xtrabackup Fedoraproject Fedora Opensuse Leap +1 more

Timeline

PublishedDec 13

Latest updateMay 14

Description

Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶NVDpercona/xtrabackup2.3.5+11

▶NVDopensuse/leap42.1, 42.2+1

▶NVDopensuse/opensuse13.1

Also affects: Fedora 24, 25

Patches

Patch: www.percona.com ↗Patch: www.percona.com ↗

🔴Vulnerability Details

GHSA

GHSA-qgjv-rwc2-2rr2: xbcrypt in Percona XtraBackup before 2↗2022-05-14

▶

GHSA

GHSA-f2mj-h98v-gmcf: Percona XtraBackup before 2↗2022-05-14

▶

OSV

CVE-2016-6225: xbcrypt in Percona XtraBackup before 2↗2017-03-23

▶

OSV

CVE-2013-6394: Percona XtraBackup before 2↗2013-12-13

▶