CVE-2018-3174
published 2018-10-17CVE-2018-3174: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41…
PriorityP417medium5.3CVSS 3.1
AVLACHPRHUINSCCNINAH
EPSS
0.81%
52.0th percentile
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).
Affected
40 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| mariadb | mariadb | >= 0 < 10.3.11-r0 | 10.3.11-r0 |
| mariadb | mariadb | >= 0 < 10.3.11-r0 | 10.3.11-r0 |
| mariadb | mariadb | >= 0 < 10.3.11-r0 | 10.3.11-r0 |
| mariadb | mariadb | >= 0 < 10.3.11-r0 | 10.3.11-r0 |
| mariadb | mariadb | >= 0 < 10.3.11-r0 | 10.3.11-r0 |
| mariadb | mariadb | >= 0 < 10.3.11-r0 | 10.3.11-r0 |
| mariadb | mariadb | >= 0 < 10.3.11-r0 | 10.3.11-r0 |
| mariadb | mariadb | >= 0 < 10.3.11-r0 | 10.3.11-r0 |
| mariadb | mariadb | >= 0 < 10.3.11-r0 | 10.3.11-r0 |
| mariadb | mariadb | >= 0 < 10.3.11-r0 | 10.3.11-r0 |
| mariadb | mariadb | >= 0 < 10.3.11-r0 | 10.3.11-r0 |
| mariadb | mariadb | >= 0 < 10.3.11-r0 | 10.3.11-r0 |
| mariadb | mariadb | >= 0 < 10.3.11-r0 | 10.3.11-r0 |
| mariadb | mariadb | >= 0 < 10.3.11-r0 | 10.3.11-r0 |
| mariadb | mariadb | >= 0 < 10.1.37-r0 | 10.1.37-r0 |
| mariadb | mariadb | >= 0 < 10.1.37-r0 | 10.1.37-r0 |
| mariadb | mariadb | >= 0 < 10.2.19-r0 | 10.2.19-r0 |
| mariadb | mariadb | >= 0 < 10.3.11-r0 | 10.3.11-r0 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
nvdv2.01.9LOWAV:L/AC:M/Au:N/C:N/I:N/A:P
osv5.3MEDIUM
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2018-10-29
CVE-2018-3133 MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: Several security issues were fixed in MySQL.
USN-3799-1 fixed a vulnerability in MySQL. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.5.62 in Ubuntu 12.04 ESM.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Instructions: In general, a standard system update will make all the necessary change
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2018-10-23
CVE-2018-3133 MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: Several security issues were fixed in MySQL.
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.5.62 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.24.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-24.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Instructions: In general, a standard system update will make all the nece
Red Hat
mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018)
vendor_redhat·2018-10-16·CVSS 5.3
CVE-2018-3174 [MEDIUM] mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018)
mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0
GHSA
GHSA-x7c7-vrm4-2pvw: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs)
ghsa_unreviewed·2022-05-13
CVE-2018-3174 [MEDIUM] GHSA-x7c7-vrm4-2pvw: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).
OSV
CVE-2018-3174: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs)
osv·2018-10-17·CVSS 5.3
CVE-2018-3174 [MEDIUM] CVE-2018-3174: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).
No detection rules found.
No public exploits indexed.
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.securityfocus.com/bid/105612http://www.securitytracker.com/id/1041888https://access.redhat.com/errata/RHSA-2018:3655https://access.redhat.com/errata/RHSA-2019:1258https://lists.debian.org/debian-lts-announce/2018/11/msg00004.htmlhttps://lists.debian.org/debian-lts-announce/2018/11/msg00007.htmlhttps://security.gentoo.org/glsa/201908-24https://security.netapp.com/advisory/ntap-20181018-0002/https://usn.ubuntu.com/3799-1/https://usn.ubuntu.com/3799-2/https://www.debian.org/security/2018/dsa-4341http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.securityfocus.com/bid/105612http://www.securitytracker.com/id/1041888https://access.redhat.com/errata/RHSA-2018:3655https://access.redhat.com/errata/RHSA-2019:1258https://lists.debian.org/debian-lts-announce/2018/11/msg00004.htmlhttps://lists.debian.org/debian-lts-announce/2018/11/msg00007.htmlhttps://security.gentoo.org/glsa/201908-24https://security.netapp.com/advisory/ntap-20181018-0002/https://usn.ubuntu.com/3799-1/https://usn.ubuntu.com/3799-2/https://www.debian.org/security/2018/dsa-4341
2018-10-17
Published