PT-2016-7333 · Mysql Server+5

Gorka Irazoqui Apecechea +1 · Published 2016-10-17 · Updated 2024-06-15 · CVE-2016-7440

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

wolfSSL versions prior to 3.9.10
MySQL Server versions 5.5.52 and earlier, 5.6.33 and earlier, 5.7.15 and earlier

Description

The issue concerns a problem with the AES Encryption and Decryption implementation in wolfSSL, making it easier for local users to discover AES keys by leveraging cache-bank timing differences. In the case of MySQL Server, a vulnerability allows a high-privileged attacker with network access to compromise the server, potentially causing a hang or crash.

Recommendations

For wolfSSL versions prior to 3.9.10, update to version 3.9.10 or later to resolve the issue. For MySQL Server versions 5.5.52 and earlier, 5.6.33 and earlier, 5.7.15 and earlier, update to a version later than the specified affected versions to mitigate the risk.

Related Identifiers

ALT-PU-2016-2238
ALT-PU-2016-2272
CVE-2016-7440
DLA-708-1
DSA-3706-1
DSA-3711-1
MGASA-2016-0371
OPENSUSE-SU-2016_2769-1
OPENSUSE-SU-2016_2788-1
OPENSUSE-SU-2016_3025-1
OPENSUSE-SU-2016_3028-1
OPENSUSE-SU-2024:10200-1
OPENSUSE-SU-2024:11038-1
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1
SUSE-SU-2016:2780-1
SUSE-SU-2016:2932-1
SUSE-SU-2016:2933-1
USN-3109-1

Affected Products

Alt Linux
Mariadb Server
Mysql Server
Suse
Ubuntu
Wolfssl