Main Vulnerability Database Vulnerabilities #VU77802

#VU77802 Resource exhaustion in MySQL Server - CVE-2018-3247

Published: June 29, 2023

Vulnerability identifier: #VU77802

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-3247

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
MySQL Server

Software vendor:
Oracle

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote privileged user can cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.

Remediation

Install updates from vendor's website.

External links

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/105600
http://www.securitytracker.com/id/1041888
https://access.redhat.com/errata/RHSA-2018:3655
https://security.netapp.com/advisory/ntap-20181018-0002/
https://usn.ubuntu.com/3799-1/

#VU77802 Resource exhaustion in MySQL Server - CVE-2018-3247

Description

Remediation

External links

Please verify you're human