CVE-2016-3477
mariadb-10.0 - security update
CVSS 3.1: 8.1 (HIGH)
EPSS: 0.11%
Description
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.
How to fix CVE-2016-3477
To remediate CVE-2016-3477, upgrade the affected package to one of the fixed versions listed below.
- upgrade to 5.5.51-r0 or later
- upgrade to 10.0.26-0+deb8u1 or later
- upgrade to 5.5.50-0+deb7u1 or later
- upgrade to 5.5.50-0+deb8u1 or later
Is CVE-2016-3477 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 5.5.51-r0
- from 0, < 10.0.26-0+deb8u1
- from 0, < 5.5.50-0+deb7u1
- from 0, < 5.5.50-0+deb8u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.1 | CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |