Уязвимость DoS атаки в продукте MySQL Client от Oracle MySQL через компонент C API
Описание
Данная уязвимость в продукте MySQL Client от Oracle MySQL позволяет неаутентифицированному злоумышленнику с сетевым доступом через несколько протоколов компрометировать MySQL Client. Успешная эксплуатация этой уязвимости даёт возможность неавторизованно вызвать зависание или часто повторяющееся аварийное завершение работы (полная DoS атака) MySQL Client.
Затронутые версии ПО
- Версии 5.6.46 и более ранние
- Версии 5.7.28 и более ранние
- Версии 8.0.18 и более ранние
Тип уязвимости
- DoS атака (зависание или аварийное завершение работы)
CVSS
- Базовая оценка CVSS 3.0: 5.9 (Влияние на доступность)
- Вектор CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- PatchVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Одно из
Одно из
Одно из
Одно из
EPSS
5.9 Medium
CVSS3
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Client product of Oracle MySQL (component: ...
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
EPSS
5.9 Medium
CVSS3
5.9 Medium
CVSS3
4.3 Medium
CVSS2