Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-6663 — Race Condition in Mariadb

CWE-362 — Race Condition7 documents7 sources

Severity

7.0HIGHNVD

EPSS

3.1%

top 13.11%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mariadb Percona Server Percona Xtradb Cluster +1 more

Timeline

PublishedDec 13

Latest updateMay 14

Description

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a M…

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages4 packages

▶NVDpercona/xtradb_cluster5.5 — 5.5.41-37.0+2

▶NVDpercona/percona_server5.5 — 5.5.51-38.2+2

▶NVDoracle/mysql5.5.0 — 5.5.52+3

▶NVDmariadb/mariadb5.5.20 — 5.5.52+2

Patches

Patch: www.oracle.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-g76x-xjc6-4pgh: Race condition in Oracle MySQL before 5↗2022-05-14

▶

CVEList

CVE-2016-6663: Race condition in Oracle MySQL before 5↗2016-12-13

▶

OSV

CVE-2016-6663: Race condition in Oracle MySQL before 5↗2016-12-13

▶

💥Exploits & PoCs

Exploit-DB

MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition↗2016-11-01

▶

📋Vendor Advisories

Red Hat

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)↗2016-09-12

▶

💬Community

Bugzilla

CVE-2016-5616 CVE-2016-6663 mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)↗2016-09-23

▶