| VID |
25189 |
| Severity |
40 |
| Port |
3306 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The version of MySQL running on the remote host is 5.7.x prior to 5.7.13. It is, therefore, affected by multiple vulnerabilities :
- Multiple flaws exist in InnoDB that are triggered when handling specially crafted 'ALTER TABLE' operations. An authenticated, remote attacker can exploit these issues to crash the database, resulting in a denial of service condition. (VulnDB 139551)
- Multiple overflow conditions exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. (VulnDB 139552)
- A NULL pointer dereference flaw exists in a parser structure that is triggered during the validation of stored procedure names. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. (VulnDB 139553)
- Multiple overflow conditions exist in the InnoDB memcached plugin due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. (VulnDB 139554)
- An unspecified flaw exists that is triggered when invoking Enterprise Encryption functions in multiple threads simultaneously or after creating and dropping them. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. (VulnDB 139555)
- An unspecified flaw exists that is triggered when handling a 'SELECT ... GROUP BY ... FOR UPDATE' query executed with a loose index scan. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. (VulnDB 139556)
- An unspecified flaw exists that is triggered when performing a 'FLUSH TABLES' operation on a table with a discarded tablespace. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. (VulnDB 139558)
- A flaw exists in InnoDB that is triggered when performing an 'OPTIMIZE TABLE' operation on a table with a full-text index. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. (VulnDB 139559)
- An unspecified flaw exists that is triggered when performing an UPDATE operation on a generated virtual BLOB column. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. (VulnDB 139560)
- An unspecified flaw exists that is triggered when performing a 'SHOW CREATE TABLE' operation on a table with a generated column. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. (VulnDB 139561)
* Note: This check solely relied on the banner of the remote MySQL server to assess this vulnerability, so this might be a false positive.
* References:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-13.htm
* Platforms Affected:
MariaDB versions 5.7.x prior to 5.7.13
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of MySQL (5.7.13 or later), available from the MySQL Web site at http://www.mysql.com/ |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
