Vulnerability CVE-2018-3133

Vulnerability Name:

CVE-2018-3133 (CCN-151449)

Assigned:

2017-12-15

Published:

2018-10-16

Updated:

2022-08-01

Summary:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS v3 Severity:

6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

6.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2018-3133

Source: CCN
Type: Oracle CPUOct2018
Oracle Critical Patch Update Advisory - October 2018

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Source: BID
Type: Third Party Advisory, VDB Entry
105610

Source: CCN
Type: BID-105610
Oracle MySQL Server Multiple Security Vulnerabilities

Source: SECTRACK
Type: Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory
1041888

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:3655

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:1258

Source: XF
Type: UNKNOWN
oracle-cpuoct2018-cve20183133(151449)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20181018-0002/

Source: UBUNTU
Type: Third Party Advisory
USN-3799-1

Source: UBUNTU
Type: Third Party Advisory
USN-3799-2

Source: CCN
Type: IBM Security Bulletin 793777 (Security Guardium)
IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2018-3133

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 5.7.0 and <= 5.7.23)

OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 8.0.0 and <= 8.0.12)

OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 5.5.0 and <= 5.5.61)

OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 5.6.0 and <= 5.6.41)

Configuration 2:

cpe:/a:netapp:snapcenter:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:* (Version >= 9.4

OR cpe:/a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:* (Version >= 7.3

Configuration 3:

cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

OR cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

OR cpe:/o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

Configuration 4:

cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 5:

cpe:/a:mariadb:mariadb:*:*:*:*:*:*:*:* (Version >= 10.0.0 and < 10.0.34)

OR cpe:/a:mariadb:mariadb:*:*:*:*:*:*:*:* (Version >= 5.5.0 and < 5.5.59)

OR cpe:/a:mariadb:mariadb:*:*:*:*:*:*:*:* (Version >= 10.1.0 and < 10.1.30)

OR cpe:/a:mariadb:mariadb:*:*:*:*:*:*:*:* (Version >= 10.2.0 and < 10.2.12)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:mysql:5.5.61:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.6.41:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.7.23:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:8.0.12:*:*:*:*:*:*:*

AND

cpe:/a:ibm:security_guardium:10:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20183133	V	CVE-2018-3133	2022-05-20
oval:org.opensuse.security:def:34678	P	Security update for libsndfile (Important)	2022-01-05
oval:org.opensuse.security:def:34609	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:30269	P	Security update for postgresql96 (Important)	2021-11-22
oval:org.opensuse.security:def:31305	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:31295	P	Security update for transfig (Important)	2021-10-29
oval:org.opensuse.security:def:34570	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:31267	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:30126	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:32181	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:34521	P	Security update for spectre-meltdown-checker (Moderate)	2021-08-27
oval:org.opensuse.security:def:35509	P	Security update for cacti, cacti-spine (Moderate)	2021-08-25
oval:org.opensuse.security:def:32142	P	Security update for systemd (Important)	2021-07-21
oval:org.opensuse.security:def:34463	P	Security update for libjpeg-turbo (Moderate)	2021-06-11
oval:org.opensuse.security:def:33926	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:36233	P	libzip1-0.9-1.24.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36191	P	libgtop-2.28.0-1.13.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:30183	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:30038	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:31351	P	Security update for grub2 (Important)	2021-03-02
oval:org.opensuse.security:def:34634	P	Security update for java-1_8_0-openjdk (Moderate)	2021-02-19
oval:org.opensuse.security:def:35553	P	gd-2.0.36.RC1-52.18 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:34697	P	Security update for xorg-x11-libXt	2020-12-01
oval:org.opensuse.security:def:28162	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31460	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:33831	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:27183	P	libexiv2-4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30566	P	Security update for libtiff	2020-12-01
oval:org.opensuse.security:def:34928	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:28416	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:27471	P	libpixman-1-0-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30698	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:35175	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:28514	P	Security update for openssl1 (Important)	2020-12-01
oval:org.opensuse.security:def:29822	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:34216	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27573	P	texlive on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27734	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:30995	P	Security update for jasper (Important)	2020-12-01
oval:org.opensuse.security:def:35443	P	Security update for pam (Moderate)	2020-12-01
oval:org.opensuse.security:def:28290	P	Security update for mysql (Important)	2020-12-01
oval:org.opensuse.security:def:27810	P	Security update for libqt4	2020-12-01
oval:org.opensuse.security:def:26853	P	NetworkManager on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34696	P	Security update for xorg-x11-libXrender	2020-12-01
oval:org.opensuse.security:def:28078	P	Security update for gcc43 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31439	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27126	P	freeradius-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30527	P	Security update for java-1_4_2-ibm	2020-12-01
oval:org.opensuse.security:def:35357	P	Security update for mysql (Important)	2020-12-01
oval:org.opensuse.security:def:34792	P	Security update for adns (Important)	2020-12-01
oval:org.opensuse.security:def:28367	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:33843	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27418	P	icu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30629	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:30687	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:35085	P	Security update for jpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:28470	P	Security update for xorg-x11-libs (Moderate)	2020-12-01
oval:org.opensuse.security:def:29821	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:34159	P	Security update for openssl (Important)	2020-12-01
oval:org.opensuse.security:def:27559	P	rubygem-i18n-0_6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30904	P	Security update for foomatic-filters (Moderate)	2020-12-01
oval:org.opensuse.security:def:35394	P	Security update for OpenSLP	2020-12-01
oval:org.opensuse.security:def:29188	P	Security update for mysql (Important)	2020-12-01
oval:org.opensuse.security:def:29906	P	Security update for lcms	2020-12-01
oval:org.opensuse.security:def:28255	P	Security update for lighttpd (Moderate)	2020-12-01
oval:org.opensuse.security:def:27746	P	Security update for flac	2020-12-01
oval:org.opensuse.security:def:31139	P	Security update for less (Moderate)	2020-12-01
oval:org.opensuse.security:def:26842	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28021	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:31400	P	Security update for perl-Archive-Zip (Moderate)	2020-12-01
oval:org.opensuse.security:def:27045	P	tgt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30478	P	Security update for bind (Critical)	2020-12-01
oval:org.opensuse.security:def:35316	P	Security update for MozillaFirefox, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:34708	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:28314	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:31504	P	Security update for python27 (Moderate)	2020-12-01
oval:org.opensuse.security:def:33832	P	Security update for gnutls (Important)	2020-12-01
oval:org.opensuse.security:def:27267	P	perl-spamassassin on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30585	P	Security update for OpenSSH	2020-12-01
oval:org.opensuse.security:def:30686	P	Security update for LibVNCServer (Critical)	2020-12-01
oval:org.opensuse.security:def:35028	P	Security update for guestfs	2020-12-01
oval:org.opensuse.security:def:28455	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:34062	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27520	P	netatalk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30772	P	Security update for augeas (Moderate)	2020-12-01
oval:org.opensuse.security:def:35335	P	Security update for mozilla-nspr (Moderate)	2020-12-01
oval:org.opensuse.security:def:29152	P	Security update for libssh2_org (Important)	2020-12-01
oval:org.opensuse.security:def:29833	P	Security update for kdebase4-workspace	2020-12-01
oval:org.opensuse.security:def:34305	P	Security update for quagga (Moderate)	2020-12-01
oval:org.opensuse.security:def:27617	P	Security update for freetype2	2020-12-01
oval:org.opensuse.security:def:27735	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:31052	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:35482	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26841	P	xdg-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27938	P	Security update for GraphicsMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26917	P	hyper-v on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30423	P	Security update for xorg-x11-libXt	2020-12-01
oval:com.ubuntu.bionic:def:201831330000000	V	CVE-2018-3133 on Ubuntu 18.04 LTS (bionic) - medium.	2018-10-17
oval:com.ubuntu.xenial:def:201831330000000	V	CVE-2018-3133 on Ubuntu 16.04 LTS (xenial) - medium.	2018-10-17
oval:com.ubuntu.disco:def:201831330000000	V	CVE-2018-3133 on Ubuntu 19.04 (disco) - medium.	2018-10-17
oval:com.ubuntu.bionic:def:20183133000	V	CVE-2018-3133 on Ubuntu 18.04 LTS (bionic) - medium.	2018-10-16
oval:com.ubuntu.cosmic:def:20183133000	V	CVE-2018-3133 on Ubuntu 18.10 (cosmic) - medium.	2018-10-16
oval:com.ubuntu.trusty:def:20183133000	V	CVE-2018-3133 on Ubuntu 14.04 LTS (trusty) - medium.	2018-10-16
oval:com.ubuntu.cosmic:def:201831330000000	V	CVE-2018-3133 on Ubuntu 18.10 (cosmic) - medium.	2018-10-16
oval:com.ubuntu.xenial:def:20183133000	V	CVE-2018-3133 on Ubuntu 16.04 LTS (xenial) - medium.	2018-10-16
oval:com.redhat.rhsa:def:20182439	P	RHSA-2018:2439: mariadb security and bug fix update (Moderate)	2018-08-16

BACK