CVE-2018-3085: InnoDB Storage Engine Denial of Service Vulnerability. This vulnerability is specific to the InnoDB storage engine. An attacker needs to log in to the MySQL system and have the ability to issue commands to the MySQL server. An attacker can then use input data of the form ‘SELECT * FROM table_name WHERE condition’ in the WHERE clause to cause a denial of service against the MySQL system by issuing a large number of queries with the same condition.

CVE-2018-3088: XtraDB Storage Engine Remote Code Execution Vulnerability. This vulnerability requires user privileges to exploit. An attacker needs to log in to the MySQL system and have the ability to issue commands to the MySQL server. An attacker can then use input data of the form ‘CREATE TABLE t1 (col1)’ in the CREATE TABLE statement to issue a remote code execution exploit against the MySQL server. CVSS Base Score 7.5 (High). CVSS Vector: CVSS:7.5/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

CVE-2018-3089: InnoDB XA Denial of Service Vulnerability. This vulnerability requires user privileges to exploit. An attacker needs to log in to the MySQL system and have the ability to issue commands to the MySQL server. An attacker can then use input data of the

Timeline

Published on: 04/19/2022 21:15:00 UTC
Last modified on: 05/10/2022 17:46:00 UTC

References