
Bug 708090

Summary: <dev-db/mysql-{5.7.29,8.0.19}: Use of uninitialized value in libmysql (client.cc function run_plugin_auth) (CVE-2020-2574)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: mysql-bugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 708086    

Description GLSAMaker/CVETool Bot gentoo-dev 2020-02-03 19:46:34 UTC
CVE-2020-2574 (https://nvd.nist.gov/vuln/detail/CVE-2020-2574):
  Vulnerability in the MySQL Client product of Oracle MySQL (component: C
  API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and
  prior and 8.0.18 and prior. Difficult to exploit vulnerability allows
  unauthenticated attacker with network access via multiple protocols to
  compromise MySQL Client. Successful attacks of this vulnerability can result
  in unauthorized ability to cause a hang or frequently repeatable crash
  (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability
  impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-24 18:00:10 UTC
Added to an existing GLSA.

Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2021-05-26 09:52:18 UTC
This issue was resolved and addressed in
 GLSA 202105-27 at https://security.gentoo.org/glsa/202105-27
by GLSA coordinator Thomas Deutschmann (whissi).