PT-2016-6560 · Oracle+5 · Mysql Server+4

Published

2016-10-17

Updated

2024-06-15

CVE-2016-5584

CVSS v3.1

4.4

Medium

Vector

AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Oracle MySQL versions 5.5.52 and earlier Oracle MySQL versions 5.6.33 and earlier Oracle MySQL versions 5.7.15 and earlier

Description The issue affects the confidentiality of data and is related to encryption in the Server component of Oracle MySQL. It can be exploited by a high-privileged attacker with network access via multiple protocols, potentially leading to a denial of service (DOS) through crashing or hanging the MySQL Server.

Recommendations For Oracle MySQL versions 5.5.52 and earlier, update to a version later than 5.5.52 to resolve the issue. For Oracle MySQL versions 5.6.33 and earlier, update to a version later than 5.6.33 to resolve the issue. For Oracle MySQL versions 5.7.15 and earlier, update to a version later than 5.7.15 to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2016-2238

ALT-PU-2016-2272

CVE-2016-5584

DLA-708-1

DSA-3706-1

DSA-3711-1

MGASA-2016-0371

OPENSUSE-SU-2016_2769-1

OPENSUSE-SU-2016_2788-1

OPENSUSE-SU-2016_3025-1

OPENSUSE-SU-2016_3028-1

OPENSUSE-SU-2024:10200-1

OPENSUSE-SU-2024:11038-1

SUSE-RU-2023:3956-1

SUSE-RU-2023:4991-1

SUSE-SU-2016:2780-1

SUSE-SU-2016:2932-1

SUSE-SU-2016:2933-1

USN-3109-1

Affected Products

Alt Linux

Mariadb Server

Mysql Server

Suse

Ubuntu

PT-2016-6560 · Oracle+5 · Mysql Server+4

CVE-2016-5584

Related Identifiers

Affected Products

References · 642