CVE-2023-22094 — Heap-based Buffer Overflow in Corporation Mysql Installer

CWE-122 — Heap-based Buffer Overflow6 documents6 sources

Severity

7.9HIGHNVD

EPSS

0.1%

top 79.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Mysql Installer Oracle Mysql Installer

Timeline

PublishedOct 17

Latest updateNov 14

Description

Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are Prior to 1.6.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL Installer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Installer, attacks may significantly impact additional products (sc…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:HExploitability: 1.5 | Impact: 5.8

Affected Packages2 packages

▶NVDoracle/mysql_installer< 1.6.8

▶CVEListV5oracle_corporation/mysql_installer* — 1.6.8

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-6qj5-v722-xhxc: Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General)↗2023-10-18

▶

OSV

CVE-2023-22094: Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General)↗2023-10-17

▶

CVEList

CVE-2023-22094: Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General)↗2023-10-17

▶

📋Vendor Advisories

Red Hat

gimp: PSD buffer overflow RCE↗2023-11-14

▶

Oracle

Oracle Oracle MySQL Risk Matrix: Installer: General — CVE-2023-22094↗2023-10-15

▶