CVE-2018-3174 : Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).

Published 2018-10-17 01:31:20

Updated 2022-12-06 21:33:13

Source Oracle

View at NVD, CVE.org

Vulnerability category: Denial of service

Threat overview for CVE-2018-3174

Top countries where our scanners detected CVE-2018-3174

Top open port discovered on systems with this issue 3306

IPs affected by CVE-2018-3174 219,166

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2018-3174!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2018-3174

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 13 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2018-3174

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
1.9	LOW	AV:L/AC:M/Au:N/C:N/I:N/A:P	3.4	2.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.3	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H	0.8	4.0	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: High User Interaction: None Scope: Changed Confidentiality: None Integrity: None Availability: High

References for CVE-2018-3174

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

CPU Oct 2018
Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/105612

Oracle MySQL Server CVE-2018-3174 Local Security Vulnerability
Third Party Advisory;VDB Entry
https://usn.ubuntu.com/3799-1/

USN-3799-1: MySQL vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html

[SECURITY] [DLA 1566-1] mysql-5.5 security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1041888

MySQL Multiple Flaws Let Remote Users Gain Elevated Privileges, Remote Authenticated Users Access and Modify Data, and Remote and Local Users Deny Service - SecurityTracker
Broken Link;Third Party Advisory;VDB Entry

CVEs referencing this url
https://security.gentoo.org/glsa/201908-24

MariaDB, MySQL: Multiple vulnerabilities (GLSA 201908-24) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3799-2/

USN-3799-2: MySQL vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20181018-0002/

October 2018 MySQL Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html

[SECURITY] [DLA 1570-1] mariadb-10.0 security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:1258

RHSA-2019:1258 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2018:3655

RHSA-2018:3655 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2018/dsa-4341

Debian -- Security Information -- DSA-4341-1 mariadb-10.1
Third Party Advisory

CVEs referencing this url

Products affected by CVE-2018-3174

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 5.6.0 and up to, including, (<=) 5.6.41
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 5.5.0 and up to, including, (<=) 5.5.61
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 5.7.0 and up to, including, (<=) 5.7.23
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 8.0.0 and up to, including, (<=) 8.0.12
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.10
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Matching versions
Netapp » Oncommand Workflow Automation » Version: N/A
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Insight » Version: N/A
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Matching versions
Netapp » Snapcenter » Version: N/A
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
Matching versions
Netapp » Active Iq Unified Manager » For Windows
Versions from including (>=) 7.3
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
Matching versions
Netapp » Active Iq Unified Manager » For Vmware Vsphere
Versions from including (>=) 9.5
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 10.1.0 and before (<) 10.1.37
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 10.2.0 and before (<) 10.2.19
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 10.3.0 and before (<) 10.3.11
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 10.0.0 and before (<) 10.0.37
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 5.5.0 and before (<) 5.5.62
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2018-3174

Threat overview for CVE-2018-3174

Exploit prediction scoring system (EPSS) score for CVE-2018-3174

CVSS scores for CVE-2018-3174

References for CVE-2018-3174

Products affected by CVE-2018-3174