CVE-2018-3174: Oracle MySQL vulnerability

8 documents, 7 sources
Severity: 5.3 MEDIUM (NVD)
EPSS: 0.0% (top 91.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 17, latest update May 13

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerabil

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
Exploitability: 0.8 | Impact: 4.0

Affected Packages (5 packages)

CVEListV5: oracle_corporation/mysql_server, 4 versions, +3
NVD: oracle/mysql, 5.5.0, 5.5.61, +3
NVD: mariadb/mariadb, 5.5.0, 5.5.62, +4
Alpine: mariadb/mariadb, < 10.3.11-r0, +17

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-x7c7-vrm4-2pvw: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs) (2022-05-13)
CVEList: CVE-2018-3174: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs) (2018-10-17)
OSV: CVE-2018-3174: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs) (2018-10-17)

📋 Vendor Advisories (3)

Ubuntu: MySQL vulnerabilities (2018-10-29)
Ubuntu: MySQL vulnerabilities (2018-10-23)
Red Hat: mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018) (2018-10-16)

💬 Community (1)

Bugzilla: CVE-2018-3174 mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018) (2018-10-17)