PT-2019-5368 · Mysql Server+8 · Mysql Client+8

Published

2015-09-02

·

Updated

2025-06-10

·

CVE-2020-2922

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions MySQL Client versions 5.6.47 and prior MySQL Client versions 5.7.29 and prior MySQL Client versions 8.0.18 and prior
Description The issue is related to a lack of protection for service data in the MySQL Client C API component. It allows a remote attacker to gain unauthorized access to protected information using the MySQL network protocol. The vulnerability is difficult to exploit and can result in unauthorized read access to a subset of MySQL Client accessible data.
Recommendations For versions 5.6.47 and prior, update to a version later than 5.6.47 to resolve the issue. For versions 5.7.29 and prior, update to a version later than 5.7.29 to resolve the issue. For versions 8.0.18 and prior, update to a version later than 8.0.18 to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALSA-2019:3708
ALSA-2020:3732
ALSA-2020:5503
ALT-PU-2015-1749
ALT-PU-2019-2435
ALT-PU-2019-2436
ALT-PU-2020-1220
ALT-PU-2020-1827
BDU:2020-02584
BIT-MARIADB-2020-2922
BIT-MARIADB-MIN-2020-2922
BIT-MYSQL-CLIENT-2020-2922
CESA-2019_3708
CESA-2020_1100
CESA-2020_3732
CESA-2020_5503
CVE-2020-2922
OESA-2022-1552
RHSA-2019:3708
RHSA-2019_3708
RHSA-2020:1100
RHSA-2020:3518
RHSA-2020:3732
RHSA-2020:3755
RHSA-2020:3757
RHSA-2020:4174
RHSA-2020:5246
RHSA-2020:5503
RHSA-2020:5655
RHSA-2020:5660
RHSA-2020:5662
RHSA-2020:5663
RHSA-2020_1100
RHSA-2020_3732
RHSA-2020_5503
RLSA-2019:3708
RLSA-2020:3732
RLSA-2020:5503
USN-4350-1

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Mariadb Server
Mysql Client
Red Hat
Rocky Linux
Ubuntu