Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 708086 (CVE-2020-2574)

Summary: [TRACKER] Use of uninitialized valued in libmysql (client.cc function run_plugin_auth)
Product: Gentoo Security Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal Keywords: Tracker
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/MariaDB/server/commit/4d1c1b23e1373bbd4e72f524e855f1db076d2c73#diff-5b45fa673c88c06a9651c7906364f592
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 708088, 708090, 708092    
Bug Blocks:    

Description Thomas Deutschmann (RETIRED) gentoo-dev 2020-02-03 19:44:51 UTC 
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).