CVE-2016-3477
Published on: 07/21/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:03 PM UTC
Certain versions of Ubuntu Linux from Canonical contain the following vulnerability:
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.
- CVE-2016-3477 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 8.1 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
LOCAL | HIGH | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
CHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 4.1 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
LOCAL | MEDIUM | SINGLE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
PARTIAL | PARTIAL | PARTIAL |
CVE References
Description | Tags |
---|---|
Red Hat Customer Portal | Third Party Advisory web.archive.org text/html Inactive Link, Not Archived |
Red Hat Customer Portal | Third Party Advisory web.archive.org text/html Inactive Link, Not Archived |
Oracle Critical Patch Update - July 2016 | Patch Vendor Advisory www.oracle.com text/html |
Oracle July 2016 Critical Patch Update Multiple Vulnerabilities | Third Party Advisory VDB Entry cve.report (archive) text/html |
Debian -- Security Information -- DSA-3632-1 mariadb-10.0 | Third Party Advisory www.debian.org Deprecated Link text/html |
MariaDB 10.1.15 Release Notes - MariaDB Knowledge Base | Vendor Advisory mariadb.com text/html |
openSUSE-SU-2016:2278-1: moderate: Security update for mariadb | Mailing List Third Party Advisory lists.opensuse.org text/html |
Oracle Linux Bulletin - July 2016 | Vendor Advisory web.archive.org text/html Inactive Link, Not Archived |
Debian -- Security Information -- DSA-3624-1 mysql-5.5 | Third Party Advisory www.debian.org Deprecated Link text/html |
MariaDB 10.0.26 Release Notes - MariaDB Knowledge Base | Vendor Advisory mariadb.com text/html |
Security Bulletin: Multiple vulnerabilities in mariadb affect PowerKVM | Third Party Advisory www-01.ibm.com text/html |
MariaDB 5.5.50 Release Notes - MariaDB Knowledge Base | Vendor Advisory mariadb.com text/html |
MySQL Multiple Bugs Let Remote Users Access Data, Remote Authenticated Users Modify Data, Local or Remote Authenticated Users Deny Service, and Local Users Gain Elevated Privileges - SecurityTracker | Third Party Advisory VDB Entry www.securitytracker.com text/html |
Red Hat Customer Portal | Third Party Advisory web.archive.org text/html Inactive Link, Not Archived |
USN-3040-1: MySQL vulnerabilities, Ubuntu | Third Party Advisory www.ubuntu.com text/html |
Red Hat Customer Portal | Third Party Advisory web.archive.org text/html Inactive Link, Not Archived |
Red Hat Customer Portal | Third Party Advisory web.archive.org text/html Inactive Link, Not Archived |
Oracle MySQL CVE-2016-3477 Local Security Vulnerability | Third Party Advisory VDB Entry cve.report (archive) text/html |
Red Hat Customer Portal | Third Party Advisory web.archive.org text/html Inactive Link, Not Archived |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
Operating System | Debian | Debian Linux | 8.0 | All | All | All |
Application | IBM | PowerKVM | 2.1 | All | All | All |
Application | IBM | PowerKVM | 3.1 | All | All | All |
Application | MariaDB | MariaDB | All | All | All | All |
Operating System | Oracle | Linux | 7 | All | All | All |
Application | Oracle | MySQL | All | All | All | All |
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:powerkvm:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:powerkvm:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE