Vulnerability Details : CVE-2016-0546
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.
Products affected by CVE-2016-0546
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Threat overview for CVE-2016-0546
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2016-0546: 137,510
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2016-0546
- EPSS score: 0.05% (probability of exploitation activity in the next 30 days)
- Percentile: ~15% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-0546
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
References for CVE-2016-0546
- http://rhn.redhat.com/errata/RHSA-2016-1481.html
  RHSA-2016:1481 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
  Oracle Critical Patch Update - January 2016 [Vendor Advisory]
- http://www.ubuntu.com/usn/USN-2881-1
  USN-2881-1: MySQL vulnerabilities | Ubuntu security notices [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html
  [security-announce] openSUSE-SU-2016:0377-1: important: Security update [Mailing List; Third Party Advisory]
- https://mariadb.com/kb/en/mdb-10023-rn/
  MariaDB 10.0.23 Release Notes - MariaDB Knowledge Base [Vendor Advisory]
- http://www.securityfocus.com/bid/81066
  Oracle MySQL CVE-2016-0546 Local Security Vulnerability [Third Party Advisory; VDB Entry]
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html
  [security-announce] openSUSE-SU-2016:1664-1: important: Security update [Mailing List; Third Party Advisory]
- http://www.debian.org/security/2016/dsa-3459
  Debian -- Security Information -- DSA-3459-1 mysql-5.5 [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html
  [security-announce] SUSE-SU-2016:1620-1: important: Security update for [Mailing List; Third Party Advisory]
- http://www.securitytracker.com/id/1034708
  MySQL Multiple Bugs Let Remote Users Access Data and Deny Service, Remote Authenticated Users Modify Data, and Local Users Gain Elevated Privileges - SecurityTracker [Third Party Advisory; VDB Entry]
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
  Oracle Solaris Bulletin - April 2016 [Vendor Advisory]
- http://rhn.redhat.com/errata/RHSA-2016-0534.html
  RHSA-2016:0534 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f
  Bug#21973610: BUFFER OVERFLOW ISSUES · mysql/mysql-server@0dbd5a8 · GitHub [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html
  [security-announce] SUSE-SU-2016:1619-1: important: Security update for [Mailing List; Third Party Advisory]
- https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html
  MySQL :: MySQL 5.6 Release Notes :: Changes in MySQL 5.6.28 (2015-12-07, General Availability) [Vendor Advisory]
- https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/
  MariaDB 10.1.10 Release Notes - MariaDB Knowledge Base [Vendor Advisory]
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
  Oracle Linux Bulletin - April 2016 [Vendor Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html
  [security-announce] openSUSE-SU-2016:0367-1: important: Security update [Third Party Advisory]
- https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/
  MariaDB 5.5.47 Release Notes - MariaDB Knowledge Base [Vendor Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=1301493
  1301493 – (CVE-2016-0546) CVE-2016-0546 mysql: unspecified vulnerability in subcomponent: Client (CPU January 2016) [Issue Tracking; Third Party Advisory]
- https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html
  MySQL :: MySQL 5.5 Release Notes :: Changes in MySQL 5.5.47 (2015-12-07, General Availability) [Vendor Advisory]
- https://access.redhat.com/errata/RHSA-2016:1132
  RHSA-2016:1132 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2016-0705.html
  RHSA-2016:0705 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html
  [security-announce] openSUSE-SU-2016:1686-1: important: Security update [Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2016-1480.html
  RHSA-2016:1480 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- http://www.debian.org/security/2016/dsa-3453
  Debian -- Security Information -- DSA-3453-1 mariadb-10.0 [Patch; Third Party Advisory]