Main Vulnerability Database SB2016072110

SB2016072110 - Input validation error in MariaDB

Published: July 21, 2016 Updated: August 4, 2020

Security Bulletin ID SB2016072110

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2016-3477)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. Scores reflect additional information provided in http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3089849.xml: "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server."

Remediation

Install update from vendor's website.

SB2016072110 - Input validation error in MariaDB

Breakdown by Severity

Description

Remediation

References

Please verify you're human