Vulnerability Description
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 12.04 |
| Mariadb | Mariadb | >= 5.5.20, < 5.5.47 |
| Redhat | Enterprise Linux | 6.0 |
| Oracle | Mysql | >= 5.5.0, <= 5.5.46 |
| Oracle | Solaris | 11.3 |
| Oracle | Linux | 7 |
| Opensuse | Leap | 42.1 |
| Opensuse | Opensuse | 13.2 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Hpc Node | 7.0 |
| Redhat | Enterprise Linux Hpc Node Eus | 7.2 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Server Aus | 7.2 |
| Redhat | Enterprise Linux Server Eus | 7.2 |
| Redhat | Enterprise Linux Workstation | 7.0 |
| Debian | Debian Linux | 8.0 |
References
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-0534.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-0705.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-1480.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-1481.htmlThird Party Advisory
- http://www.debian.org/security/2016/dsa-3453PatchThird Party Advisory
- http://www.debian.org/security/2016/dsa-3459Third Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.hVendor Advisory
FAQ
What is CVE-2016-0546?
CVE-2016-0546 is a vulnerability with a CVSS score of 7.2 (HIGH). Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect con...
How severe is CVE-2016-0546?
CVE-2016-0546 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-0546?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Mariadb Mariadb, Redhat Enterprise Linux, Oracle Mysql, Oracle Solaris.