CVE-2018-2767

Published: 7/18/2018 Last updated: 10/2/2024 Reserved: 12/15/2017

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).

CNA assigner: oracle (43595867-4340-4103-b7a2-9a5208d29a85) Requested by: n/a

Opam packages affected (2)

conf-mariadb conf-mysql

Products affected (1)

Product	Vendor	Version
MySQL Server	Oracle Corporation	QCA9888

References (20)

https://www.debian.org/security/2018/dsa-4341
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
https://usn.ubuntu.com/3725-1/
http://www.securitytracker.com/id/1041294
https://access.redhat.com/errata/RHSA-2018:2729
http://www.securityfocus.com/bid/103954
https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html
https://access.redhat.com/errata/RHSA-2018:2439
https://usn.ubuntu.com/3725-2/
https://security.netapp.com/advisory/ntap-20180726-0002/
https://www.debian.org/security/2018/dsa-4341
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
https://usn.ubuntu.com/3725-1/
http://www.securitytracker.com/id/1041294
https://access.redhat.com/errata/RHSA-2018:2729
http://www.securityfocus.com/bid/103954
https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html
https://access.redhat.com/errata/RHSA-2018:2439
https://usn.ubuntu.com/3725-2/
https://security.netapp.com/advisory/ntap-20180726-0002/