VID |
25305 |
Severity |
40 |
Port |
3306 |
Protocol |
TCP |
Class |
DB |
Detailed Description |
The version of MariaDB running on the remote host is 5.5.x prior to 5.5.62. It is, therefore, affected by multiple denial of service vulnerabilities.
- A denial of service vulnerability exists in the crc32_big() function within file crc32.c due to an out-of-bounds pointer flaw. An unauthenticated, remote attacker can exploit this, via a specially crafted document, to cause the application to stop responding. (CVE-2016-9843)
- A denial of service vulnerability exists in the MySQL component of Oracle MySQL (subcomponent: Client programs). An authenticated, local attacker can exploit this issue to cause MySQL Server to stop responding. (CVE-2018-3174)
- A denial of service vulnerability exists in the MySQL component of Oracle MySQL (subcomponent: Server: Storage Engines). An authenticated, remote attacker can exploit this issue to cause MySQL Server to stop responding. (CVE-2018-3282)
- A denial of service vulnerability exists in the MySQL component of Oracle MySQL (subcomponent: Server: Connection Handling). An authenticated, adjacent attacker can exploit this to cause MySQL Server to stop responding. (CVE-2019-2503)
* References: https://mariadb.com/kb/en/mariadb-5562-release-notes
* Platforms Affected: MariaDB versions 5.5.x prior to 5.5.62, any operating system, any version |
Recommendation |
Upgrade to the latest version of MySQL (5.5.62 or later), available from the MySQL Web site at http://www.mysql.com/ |
Related URL |
CVE-2016-9843,CVE-2018-3174,CVE-2018-3282,CVE-2019-2503 (CVE) |
Related URL |
95131,105610,105612,106626 (SecurityFocus) |