CVE-2018-2767 — Missing Cryptographic Step in Oracle MySQL
Severity
3.1 LOW (NVD)
EPSS
0.3%
top 44.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 18
Latest update: May 13
Description
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confident…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.6 | Impact: 1.4
Affected Packages: 8 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, Enterprise Linux 7.5, 7.6, 7.7
Patches
Vulnerability Details (3)
GHSA
GHSA-qhg6-x5p3-8653: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption) (2022-05-13)
OSV
CVE-2018-2767: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption) (2018-07-18)
CVEList
CVE-2018-2767: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption) (2018-07-18)
Vendor Advisories (3)
Community (4)
Bugzilla
CVE-2018-19839 libsass: Heap-based buffer over-read in the handle_error function resulting in a denial of service (2019-01-31)
Bugzilla
Bugzilla
CVE-2018-2767 mariadb: mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) [fedora-all] (2018-04-09)
Bugzilla
CVE-2018-2767 community-mysql: mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) [fedora-all] (2018-04-09)