Vulnerability Details CVE-2016-0546
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.8%
CVSS Severity
CVSS v2 Score 7.2
References
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html
- http://rhn.redhat.com/errata/RHSA-2016-0534.html
- http://rhn.redhat.com/errata/RHSA-2016-0705.html
- http://rhn.redhat.com/errata/RHSA-2016-1480.html
- http://rhn.redhat.com/errata/RHSA-2016-1481.html
- http://www.debian.org/security/2016/dsa-3453
- http://www.debian.org/security/2016/dsa-3459
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/81066
- http://www.securitytracker.com/id/1034708
- http://www.ubuntu.com/usn/USN-2881-1
- https://access.redhat.com/errata/RHSA-2016:1132
- https://bugzilla.redhat.com/show_bug.cgi?id=1301493
- https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html
- https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html
- https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f
- https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/
- https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/
- https://mariadb.com/kb/en/mdb-10023-rn/
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html
- http://rhn.redhat.com/errata/RHSA-2016-0534.html
- http://rhn.redhat.com/errata/RHSA-2016-0705.html
- http://rhn.redhat.com/errata/RHSA-2016-1480.html
- http://rhn.redhat.com/errata/RHSA-2016-1481.html
- http://www.debian.org/security/2016/dsa-3453
- http://www.debian.org/security/2016/dsa-3459
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/81066
- http://www.securitytracker.com/id/1034708
- http://www.ubuntu.com/usn/USN-2881-1
- https://access.redhat.com/errata/RHSA-2016:1132
- https://bugzilla.redhat.com/show_bug.cgi?id=1301493
- https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html
- https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html
- https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f
- https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/
- https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/
- https://mariadb.com/kb/en/mdb-10023-rn/
Products affected by CVE-2016-0546
-
cpe:2.3:a:mariadb:mariadb:10.0.0
-
cpe:2.3:a:mariadb:mariadb:10.0.1
-
cpe:2.3:a:mariadb:mariadb:10.0.10
-
cpe:2.3:a:mariadb:mariadb:10.0.11
-
cpe:2.3:a:mariadb:mariadb:10.0.12
-
cpe:2.3:a:mariadb:mariadb:10.0.13
-
cpe:2.3:a:mariadb:mariadb:10.0.14
-
cpe:2.3:a:mariadb:mariadb:10.0.15
-
cpe:2.3:a:mariadb:mariadb:10.0.16
-
cpe:2.3:a:mariadb:mariadb:10.0.17
-
cpe:2.3:a:mariadb:mariadb:10.0.18
-
cpe:2.3:a:mariadb:mariadb:10.0.19
-
cpe:2.3:a:mariadb:mariadb:10.0.2
-
cpe:2.3:a:mariadb:mariadb:10.0.20
-
cpe:2.3:a:mariadb:mariadb:10.0.21
-
cpe:2.3:a:mariadb:mariadb:10.0.22
-
cpe:2.3:a:mariadb:mariadb:10.0.3
-
cpe:2.3:a:mariadb:mariadb:10.0.4
-
cpe:2.3:a:mariadb:mariadb:10.0.5
-
cpe:2.3:a:mariadb:mariadb:10.0.6
-
cpe:2.3:a:mariadb:mariadb:10.0.7
-
cpe:2.3:a:mariadb:mariadb:10.0.8
-
cpe:2.3:a:mariadb:mariadb:10.0.9
-
cpe:2.3:a:mariadb:mariadb:10.1.0
-
cpe:2.3:a:mariadb:mariadb:10.1.1
-
cpe:2.3:a:mariadb:mariadb:10.1.2
-
cpe:2.3:a:mariadb:mariadb:10.1.3
-
cpe:2.3:a:mariadb:mariadb:10.1.4
-
cpe:2.3:a:mariadb:mariadb:10.1.5
-
cpe:2.3:a:mariadb:mariadb:10.1.6
-
cpe:2.3:a:mariadb:mariadb:10.1.7
-
cpe:2.3:a:mariadb:mariadb:10.1.8
-
cpe:2.3:a:mariadb:mariadb:10.1.9
-
cpe:2.3:a:mariadb:mariadb:5.5.20
-
cpe:2.3:a:mariadb:mariadb:5.5.21
-
cpe:2.3:a:mariadb:mariadb:5.5.22
-
cpe:2.3:a:mariadb:mariadb:5.5.23
-
cpe:2.3:a:mariadb:mariadb:5.5.24
-
cpe:2.3:a:mariadb:mariadb:5.5.25
-
cpe:2.3:a:mariadb:mariadb:5.5.27
-
cpe:2.3:a:mariadb:mariadb:5.5.28
-
cpe:2.3:a:mariadb:mariadb:5.5.28a
-
cpe:2.3:a:mariadb:mariadb:5.5.33
-
cpe:2.3:a:mariadb:mariadb:5.5.34
-
cpe:2.3:a:mariadb:mariadb:5.5.35
-
cpe:2.3:a:mariadb:mariadb:5.5.40
-
cpe:2.3:a:mariadb:mariadb:5.5.43
-
cpe:2.3:a:mariadb:mariadb:5.5.46
-
cpe:2.3:a:oracle:mysql:5.5.0
-
cpe:2.3:a:oracle:mysql:5.5.1
-
cpe:2.3:a:oracle:mysql:5.5.10
-
cpe:2.3:a:oracle:mysql:5.5.11
-
cpe:2.3:a:oracle:mysql:5.5.12
-
cpe:2.3:a:oracle:mysql:5.5.13
-
cpe:2.3:a:oracle:mysql:5.5.14
-
cpe:2.3:a:oracle:mysql:5.5.15
-
cpe:2.3:a:oracle:mysql:5.5.16
-
cpe:2.3:a:oracle:mysql:5.5.17
-
cpe:2.3:a:oracle:mysql:5.5.18
-
cpe:2.3:a:oracle:mysql:5.5.19
-
cpe:2.3:a:oracle:mysql:5.5.2
-
cpe:2.3:a:oracle:mysql:5.5.20
-
cpe:2.3:a:oracle:mysql:5.5.21
-
cpe:2.3:a:oracle:mysql:5.5.22
-
cpe:2.3:a:oracle:mysql:5.5.23
-
cpe:2.3:a:oracle:mysql:5.5.24
-
cpe:2.3:a:oracle:mysql:5.5.25
-
cpe:2.3:a:oracle:mysql:5.5.26
-
cpe:2.3:a:oracle:mysql:5.5.27
-
cpe:2.3:a:oracle:mysql:5.5.28
-
cpe:2.3:a:oracle:mysql:5.5.29
-
cpe:2.3:a:oracle:mysql:5.5.3
-
cpe:2.3:a:oracle:mysql:5.5.30
-
cpe:2.3:a:oracle:mysql:5.5.31
-
cpe:2.3:a:oracle:mysql:5.5.32
-
cpe:2.3:a:oracle:mysql:5.5.33
-
cpe:2.3:a:oracle:mysql:5.5.34
-
cpe:2.3:a:oracle:mysql:5.5.35
-
cpe:2.3:a:oracle:mysql:5.5.36
-
cpe:2.3:a:oracle:mysql:5.5.37
-
cpe:2.3:a:oracle:mysql:5.5.38
-
cpe:2.3:a:oracle:mysql:5.5.39
-
cpe:2.3:a:oracle:mysql:5.5.4
-
cpe:2.3:a:oracle:mysql:5.5.40
-
cpe:2.3:a:oracle:mysql:5.5.41
-
cpe:2.3:a:oracle:mysql:5.5.42
-
cpe:2.3:a:oracle:mysql:5.5.43
-
cpe:2.3:a:oracle:mysql:5.5.44
-
cpe:2.3:a:oracle:mysql:5.5.45
-
cpe:2.3:a:oracle:mysql:5.5.46
-
cpe:2.3:a:oracle:mysql:5.5.5
-
cpe:2.3:a:oracle:mysql:5.5.6
-
cpe:2.3:a:oracle:mysql:5.5.7
-
cpe:2.3:a:oracle:mysql:5.5.8
-
cpe:2.3:a:oracle:mysql:5.5.9
-
cpe:2.3:a:oracle:mysql:5.6.0
-
cpe:2.3:a:oracle:mysql:5.6.1
-
cpe:2.3:a:oracle:mysql:5.6.10
-
cpe:2.3:a:oracle:mysql:5.6.11
-
cpe:2.3:a:oracle:mysql:5.6.12
-
cpe:2.3:a:oracle:mysql:5.6.13
-
cpe:2.3:a:oracle:mysql:5.6.14
-
cpe:2.3:a:oracle:mysql:5.6.15
-
cpe:2.3:a:oracle:mysql:5.6.16
-
cpe:2.3:a:oracle:mysql:5.6.17
-
cpe:2.3:a:oracle:mysql:5.6.18
-
cpe:2.3:a:oracle:mysql:5.6.19
-
cpe:2.3:a:oracle:mysql:5.6.2
-
cpe:2.3:a:oracle:mysql:5.6.20
-
cpe:2.3:a:oracle:mysql:5.6.21
-
cpe:2.3:a:oracle:mysql:5.6.22
-
cpe:2.3:a:oracle:mysql:5.6.23
-
cpe:2.3:a:oracle:mysql:5.6.24
-
cpe:2.3:a:oracle:mysql:5.6.25
-
cpe:2.3:a:oracle:mysql:5.6.26
-
cpe:2.3:a:oracle:mysql:5.6.27
-
cpe:2.3:a:oracle:mysql:5.6.3
-
cpe:2.3:a:oracle:mysql:5.6.4
-
cpe:2.3:a:oracle:mysql:5.6.5
-
cpe:2.3:a:oracle:mysql:5.6.6
-
cpe:2.3:a:oracle:mysql:5.6.7
-
cpe:2.3:a:oracle:mysql:5.6.8
-
cpe:2.3:a:oracle:mysql:5.6.9
-
cpe:2.3:a:oracle:mysql:5.7.0
-
cpe:2.3:a:oracle:mysql:5.7.1
-
cpe:2.3:a:oracle:mysql:5.7.2
-
cpe:2.3:a:oracle:mysql:5.7.3
-
cpe:2.3:a:oracle:mysql:5.7.4
-
cpe:2.3:a:oracle:mysql:5.7.5
-
cpe:2.3:a:oracle:mysql:5.7.6
-
cpe:2.3:a:oracle:mysql:5.7.7
-
cpe:2.3:a:oracle:mysql:5.7.8
-
cpe:2.3:a:oracle:mysql:5.7.9
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:15.04
-
cpe:2.3:o:canonical:ubuntu_linux:15.10
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:opensuse:leap:42.1
-
cpe:2.3:o:opensuse:opensuse:13.2
-
cpe:2.3:o:oracle:linux:7
-
cpe:2.3:o:oracle:solaris:11.3
-
cpe:2.3:o:redhat:enterprise_linux:6.0
-
cpe:2.3:o:redhat:enterprise_linux:7.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
-
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0
-
cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2
-
cpe:2.3:o:redhat:enterprise_linux_server:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2
-
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0