#VU77802 Resource exhaustion in MySQL Server
Vulnerability identifier: #VU77802
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-400
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
MySQL Server
Server applications /
Database software
Vendor: Oracle
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote privileged user can cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
MySQL Server: 5.6.0 - 5.6.41, 5.7.0 - 5.7.23, 8.0.0 - 8.0.12
External links
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/105600
http://www.securitytracker.com/id/1041888
http://access.redhat.com/errata/RHSA-2018:3655
http://security.netapp.com/advisory/ntap-20181018-0002/
http://usn.ubuntu.com/3799-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
