PT-2018-3549 · Mysql Server+8 · Mysql Client+8

Alves Christopher

Published

2018-06-04

Updated

2025-06-10

CVE-2020-14550

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: MySQL Client versions 5.6.48 and prior MySQL Client versions 5.7.30 and prior MySQL Client versions 8.0.20 and prior

Description: The issue is related to insufficient input validation in the C API component of the MySQL Client product. It allows a low-privileged attacker with network access via multiple protocols to compromise the MySQL Client. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of the MySQL Client.

Recommendations: For versions 5.6.48 and prior, update to a version later than 5.6.48 to resolve the issue. For versions 5.7.30 and prior, update to a version later than 5.7.30 to resolve the issue. For versions 8.0.20 and prior, update to a version later than 8.0.20 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Client to minimize the risk of exploitation.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2020:3732

ALT-PU-2018-1842

ALT-PU-2020-2640

ALT-PU-2021-2380

ALT-PU-2021-3668

BDU:2020-04274

BIT-MARIADB-2020-14550

BIT-MARIADB-MIN-2020-14550

BIT-MYSQL-CLIENT-2020-14550

CESA-2019_2327

CESA-2020_3732

CVE-2020-14550

RHSA-2019:1258

RHSA-2019:2327

RHSA-2019_2327

RHSA-2020:3518

RHSA-2020:3732

RHSA-2020:3755

RHSA-2020:3757

RHSA-2020_3732

RLSA-2020:3732

USN-4441-1

USN-4441-2

Affected Products

Alt Linux

Almalinux

Centos

Linuxmint

Mariadb Server

Mysql Client

Red Hat

Rocky Linux

Ubuntu

PT-2018-3549 · Mysql Server+8 · Mysql Client+8

CVE-2020-14550

Weakness Enumeration

Related Identifiers

Affected Products

References · 1039