cbcvebase.
CVE-2016-6663
published 2016-12-13

CVE-2016-6663: Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and…

PriorityP341high7CVSS 3.0
AVLACHPRLUINSUCHIHAH
EXPLOIT
EPSS
4.31%
89.9th percentile
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.

Affected

13 ranges
VendorProductVersion rangeFixed in
mariadbmariadb>= 10.0.0 < 10.0.2810.0.28
mariadbmariadb>= 10.1.0 < 10.1.1810.1.18
mariadbmariadb>= 5.5.20 < 5.5.525.5.52
oraclemysql
oraclemysql5.5.0 – 5.5.52
oraclemysql5.6.0 – 5.6.33
oraclemysql5.7.0 – 5.7.15
perconapercona_server>= 5.5 < 5.5.51-38.25.5.51-38.2
perconapercona_server>= 5.6 < 5.6.32-78.15.6.32-78.1
perconapercona_server>= 5.7 < 5.7.14-85.7.14-8
perconaxtradb_cluster>= 5.5 < 5.5.41-37.05.5.41-37.0
perconaxtradb_cluster>= 5.6 < 5.6.32-25.175.6.32-25.17
perconaxtradb_cluster>= 5.7 < 5.7.14-26.175.7.14-26.17

CVSS provenance

nvdv3.07.0HIGHCVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.4MEDIUMAV:L/AC:M/Au:N/C:P/I:P/A:P
osv7.0HIGH
vendor_redhat7.0HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.