708086 – (CVE-2020-2574) [TRACKER] Use of uninitialized valued in libmysql (client.cc function run_plugin_auth)

Bug 708086 (CVE-2020-2574) - [TRACKER] Use of uninitialized valued in libmysql (client.cc function run_plugin_auth)

Summary: [TRACKER] Use of uninitialized valued in libmysql (client.cc function run_plu...

Status:	RESOLVED FIXED

Alias:	CVE-2020-2574

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://github.com/MariaDB/server/com...
Whiteboard:
Keywords:	Tracker

Depends on:	708088 708090 708092
Blocks:
	Show dependency tree

Reported:	2020-02-03 19:44 UTC by Thomas Deutschmann (RETIRED)
Modified:	2022-06-14 20:12 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Deutschmann (RETIRED) gentoo-dev

2020-02-03 19:44:51 UTC

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).