CVE-2016-6663

Advisory lineage Upstream: 0 Downstream: 14
Modified
Published: 13 Dec 2016, 21:00
Last modified:06 Aug 2024, 01:36

Vulnerability Summary

Overall Risk (default)
medium
39/100
CVSS Score
7 HIGH
v3.0 (nvd)
EPSS Score
2.61% LOW
3% probability -0.63%
KEV
Not listed
Ransomware
No reports
Public exploits
2 found
Dark Web
Not detected

Timeline

13 Dec 2016, 21:00
Published
Vulnerability first disclosed
06 Aug 2024, 01:36
Last Modified
Vulnerability information updated

Description

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.

CVSS Metrics

  • v3.0HIGHScore: 7CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • v2.0MEDIUMScore: 4.4AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 2.61% Percentile: 86%

Techniques & Countermeasures

  • CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Affected Systems

  • mariadbmariadb

    ≥ 5.5.20, < 5.5.52 | ≥ 10.0.0, < 10.0.28 | ≥ 10.1.0, < 10.1.18

  • oraclemysql

    ≥ 5.5.0, ≤ 5.5.52 | ≥ 5.6.0, ≤ 5.6.33 | ≥ 5.7.0, ≤ 5.7.15 | 8.0

  • perconapercona_server

    ≥ 5.5, < 5.5.51-38.2 | ≥ 5.6, < 5.6.32-78.1 | ≥ 5.7, < 5.7.14-8

  • perconaxtradb_cluster

    ≥ 5.5, < 5.5.41-37.0 | ≥ 5.6, < 5.6.32-25.17 | ≥ 5.7, < 5.7.14-26.17

References (24)