CVE-2016-6663

Published Dec 13, 2016

Last updated 6 years ago

CVSS high 7.0

Overview

Description: Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7
Impact score: 5.9
Exploitability score: 1
Vector string: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.4
Impact score: 6.4
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-362

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "982457CB-92BD-4CC2-A377-8AE7C44AE939",
            "versionEndIncluding": "5.5.52",
            "versionStartIncluding": "5.5.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6663D88B-4649-4910-A5FB-C384BC4C8AA7",
            "versionEndIncluding": "5.6.33",
            "versionStartIncluding": "5.6.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D0BA40E-DDBD-4419-8DED-39FEF868B737",
            "versionEndIncluding": "5.7.15",
            "versionStartIncluding": "5.7.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60C8B060-E593-4D21-AB7D-DD5C287B315A",
            "versionEndExcluding": "5.5.51-38.2",
            "versionStartIncluding": "5.5"
          },
          {
            "criteria": "cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93C4414B-CF0F-483D-AC22-8CA91ADDD822",
            "versionEndExcluding": "5.6.32-78.1",
            "versionStartIncluding": "5.6"
          },
          {
            "criteria": "cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28204957-5E37-4E3A-B2BC-A01A9DD784C0",
            "versionEndExcluding": "5.7.14-8",
            "versionStartIncluding": "5.7"
          },
          {
            "criteria": "cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84A27E79-2719-430A-8F24-1E39E59149A9",
            "versionEndExcluding": "5.5.41-37.0",
            "versionStartIncluding": "5.5"
          },
          {
            "criteria": "cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61EA03ED-0F66-4C3F-967B-8B6288DB3F46",
            "versionEndExcluding": "5.6.32-25.17",
            "versionStartIncluding": "5.6"
          },
          {
            "criteria": "cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F746563B-6F42-4539-8036-D740651AF959",
            "versionEndExcluding": "5.7.14-26.17",
            "versionStartIncluding": "5.7"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "207E36F9-63DA-41F4-8C54-D69F286D9B87",
            "versionEndExcluding": "5.5.52",
            "versionStartIncluding": "5.5.20"
          },
          {
            "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4C9A810-E03B-40D5-9B47-EFD7891283AE",
            "versionEndExcluding": "10.0.28",
            "versionStartIncluding": "10.0.0"
          },
          {
            "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B117F6E2-0BD3-4D6A-B69C-C26BF5BBA86D",
            "versionEndExcluding": "10.1.18",
            "versionStartIncluding": "10.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:mysql:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4F99BB0-CB87-4CBA-86F0-D27F050F1FA2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References