PT-2016-7333 · MySQL Server+5

Gorka Irazoqui Apecechea +1 · Published 2016-10-17 · Updated 2024-06-15 · CVE-2016-7440

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

wolfSSL versions prior to 3.9.10
MySQL Server versions 5.5.52 and earlier, 5.6.33 and earlier, 5.7.15 and earlier

Description

The AES encryption and decryption implementation in wolfSSL makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. In the case of MySQL Server, the vulnerability allows a high-privileged attacker with network access to compromise the server, potentially causing a hang or crash.

Recommendations

For wolfSSL versions prior to 3.9.10, update to version 3.9.10 or later to resolve the issue. For MySQL Server versions 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier, update to a version later than the affected versions listed above to mitigate the risk.

Exploit

Fix


Related identifiers

ALT-PU-2016-2238
ALT-PU-2016-2272
CVE-2016-7440
DLA-708-1
DSA-3706-1
DSA-3711-1
MGASA-2016-0371
OPENSUSE-SU-2016_2769-1
OPENSUSE-SU-2016_2788-1
OPENSUSE-SU-2016_3025-1
OPENSUSE-SU-2016_3028-1
OPENSUSE-SU-2024:10200-1
OPENSUSE-SU-2024:11038-1
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1
SUSE-SU-2016:2780-1
SUSE-SU-2016:2932-1
SUSE-SU-2016:2933-1
USN-3109-1

Affected products

ALT Linux
MariaDB Server
MySQL Server
SUSE
Ubuntu
wolfSSL