csaf_redhat - rhsa-2020

rhsa-2020_5662

Vulnerability from csaf_redhat

Published

2020-12-22 09:27

Modified

2024-11-05 23:09

Summary

Red Hat Security Advisory: mariadb-connector-c security, bug fix, and enhancement update

Notes

Topic

An update for mariadb-connector-c is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The MariaDB Native Client library (C driver) is used to connect applications developed in C/C++ to MariaDB and MySQL databases. The following packages have been upgraded to a later upstream version: mariadb-connector-c (3.1.11). (BZ#1898997) Security Fix(es): * mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752) * mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922) * mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249) * mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Code utilizing plugins can't be compiled properly (BZ#1899004) * Add "zlib-devel" requirement in "-devel" subpackage (BZ#1899008) * Replace hard-coded /usr with %{_prefix} (BZ#1899102)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for mariadb-connector-c is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The MariaDB Native Client library (C driver) is used to connect applications developed in C/C++ to MariaDB and MySQL databases. \n\nThe following packages have been upgraded to a later upstream version: mariadb-connector-c (3.1.11). (BZ#1898997)\n\nSecurity Fix(es):\n\n* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)\n\n* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)\n\n* mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)\n\n* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Code utilizing plugins can\u0027t be compiled properly (BZ#1899004)\n\n* Add \"zlib-devel\" requirement in \"-devel\" subpackage (BZ#1899008)\n\n* Replace hard-coded /usr with %{_prefix} (BZ#1899102)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5662",
        "url": "https://access.redhat.com/errata/RHSA-2020:5662"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1798587",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798587"
      },
      {
        "category": "external",
        "summary": "1835849",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1835849"
      },
      {
        "category": "external",
        "summary": "1835850",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1835850"
      },
      {
        "category": "external",
        "summary": "1839827",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1839827"
      },
      {
        "category": "external",
        "summary": "1898997",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898997"
      },
      {
        "category": "external",
        "summary": "1899004",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899004"
      },
      {
        "category": "external",
        "summary": "1899102",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899102"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5662.json"
      }
    ],
    "title": "Red Hat Security Advisory: mariadb-connector-c security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-05T23:09:32+00:00",
      "generator": {
        "date": "2024-11-05T23:09:32+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2020:5662",
      "initial_release_date": "2020-12-22T09:27:09+00:00",
      "revision_history": [
        {
          "date": "2020-12-22T09:27:09+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-12-22T09:27:09+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T23:09:32+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
                  "product_id": "AppStream-8.0.0.Z.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_e4s:8.0::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mariadb-connector-c-0:3.1.11-2.el8_0.src",
                "product": {
                  "name": "mariadb-connector-c-0:3.1.11-2.el8_0.src",
                  "product_id": "mariadb-connector-c-0:3.1.11-2.el8_0.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mariadb-connector-c@3.1.11-2.el8_0?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
                "product": {
                  "name": "mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
                  "product_id": "mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mariadb-connector-c@3.1.11-2.el8_0?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
                "product": {
                  "name": "mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
                  "product_id": "mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mariadb-connector-c-devel@3.1.11-2.el8_0?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
                "product": {
                  "name": "mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
                  "product_id": "mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mariadb-connector-c-debugsource@3.1.11-2.el8_0?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
                "product": {
                  "name": "mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
                  "product_id": "mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mariadb-connector-c-debuginfo@3.1.11-2.el8_0?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
                "product": {
                  "name": "mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
                  "product_id": "mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mariadb-connector-c-devel-debuginfo@3.1.11-2.el8_0?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mariadb-connector-c-0:3.1.11-2.el8_0.i686",
                "product": {
                  "name": "mariadb-connector-c-0:3.1.11-2.el8_0.i686",
                  "product_id": "mariadb-connector-c-0:3.1.11-2.el8_0.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mariadb-connector-c@3.1.11-2.el8_0?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
                "product": {
                  "name": "mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
                  "product_id": "mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mariadb-connector-c-devel@3.1.11-2.el8_0?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
                "product": {
                  "name": "mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
                  "product_id": "mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mariadb-connector-c-debugsource@3.1.11-2.el8_0?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
                "product": {
                  "name": "mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
                  "product_id": "mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mariadb-connector-c-debuginfo@3.1.11-2.el8_0?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
                "product": {
                  "name": "mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
                  "product_id": "mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mariadb-connector-c-devel-debuginfo@3.1.11-2.el8_0?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
                "product": {
                  "name": "mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
                  "product_id": "mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mariadb-connector-c@3.1.11-2.el8_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
                "product": {
                  "name": "mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
                  "product_id": "mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mariadb-connector-c-devel@3.1.11-2.el8_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
                "product": {
                  "name": "mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
                  "product_id": "mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mariadb-connector-c-debugsource@3.1.11-2.el8_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
                "product": {
                  "name": "mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
                  "product_id": "mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mariadb-connector-c-debuginfo@3.1.11-2.el8_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64",
                "product": {
                  "name": "mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64",
                  "product_id": "mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mariadb-connector-c-devel-debuginfo@3.1.11-2.el8_0?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
                "product": {
                  "name": "mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
                  "product_id": "mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mariadb-connector-c-config@3.1.11-2.el8_0?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mariadb-connector-c-0:3.1.11-2.el8_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
          "product_id": "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.i686"
        },
        "product_reference": "mariadb-connector-c-0:3.1.11-2.el8_0.i686",
        "relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
          "product_id": "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le"
        },
        "product_reference": "mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
        "relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mariadb-connector-c-0:3.1.11-2.el8_0.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
          "product_id": "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.src"
        },
        "product_reference": "mariadb-connector-c-0:3.1.11-2.el8_0.src",
        "relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mariadb-connector-c-0:3.1.11-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
          "product_id": "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.x86_64"
        },
        "product_reference": "mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
        "relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
          "product_id": "AppStream-8.0.0.Z.E4S:mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch"
        },
        "product_reference": "mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
        "relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
          "product_id": "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686"
        },
        "product_reference": "mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
        "relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
          "product_id": "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le"
        },
        "product_reference": "mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
        "relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
          "product_id": "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64"
        },
        "product_reference": "mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
        "relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
          "product_id": "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686"
        },
        "product_reference": "mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
        "relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
          "product_id": "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le"
        },
        "product_reference": "mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
        "relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
          "product_id": "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64"
        },
        "product_reference": "mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
        "relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
          "product_id": "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686"
        },
        "product_reference": "mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
        "relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
          "product_id": "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le"
        },
        "product_reference": "mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
        "relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
          "product_id": "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64"
        },
        "product_reference": "mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
        "relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
          "product_id": "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686"
        },
        "product_reference": "mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
        "relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
          "product_id": "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le"
        },
        "product_reference": "mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
        "relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
          "product_id": "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64"
        },
        "product_reference": "mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64",
        "relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-2574",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-02-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1798587"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mysql: C API unspecified vulnerability (CPU Jan 2020)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.src",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2574"
        },
        {
          "category": "external",
          "summary": "RHBZ#1798587",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798587"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2574",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2574"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2574",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2574"
        },
        {
          "category": "external",
          "summary": "https://www.oracle.com/security-alerts/cpujan2020.html",
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        }
      ],
      "release_date": "2020-02-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-22T09:27:09+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.src",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5662"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.src",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mysql: C API unspecified vulnerability (CPU Jan 2020)"
    },
    {
      "cve": "CVE-2020-2752",
      "discovery_date": "2020-05-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1835849"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mysql: C API unspecified vulnerability (CPU Apr 2020)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.src",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2752"
        },
        {
          "category": "external",
          "summary": "RHBZ#1835849",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1835849"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2752",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2752"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2752",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2752"
        },
        {
          "category": "external",
          "summary": "https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL",
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL"
        }
      ],
      "release_date": "2020-04-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-22T09:27:09+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.src",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5662"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.src",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mysql: C API unspecified vulnerability (CPU Apr 2020)"
    },
    {
      "cve": "CVE-2020-2922",
      "discovery_date": "2020-05-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1835850"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mysql: C API unspecified vulnerability (CPU Apr 2020)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.src",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2922"
        },
        {
          "category": "external",
          "summary": "RHBZ#1835850",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1835850"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2922"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2922",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2922"
        },
        {
          "category": "external",
          "summary": "https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL",
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL"
        }
      ],
      "release_date": "2020-04-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-22T09:27:09+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.src",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5662"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.src",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mysql: C API unspecified vulnerability (CPU Apr 2020)"
    },
    {
      "cve": "CVE-2020-13249",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2020-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1839827"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mariadb-connector-c: Improper validation of content in a OK packet received from server",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.src",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-13249"
        },
        {
          "category": "external",
          "summary": "RHBZ#1839827",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1839827"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13249",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13249"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13249",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13249"
        }
      ],
      "release_date": "2020-05-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-22T09:27:09+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.src",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5662"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.src",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mariadb-connector-c: Improper validation of content in a OK packet received from server"
    },
    {
      "cve": "CVE-2021-2007",
      "discovery_date": "2021-01-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1922382"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mysql: C API unspecified vulnerability (CPU Jan 2021)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.src",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
          "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-2007"
        },
        {
          "category": "external",
          "summary": "RHBZ#1922382",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922382"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-2007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-2007"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-2007",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2007"
        },
        {
          "category": "external",
          "summary": "https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL",
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"
        }
      ],
      "release_date": "2021-01-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-22T09:27:09+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.src",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5662"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.src",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-config-0:3.1.11-2.el8_0.noarch",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debuginfo-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-debugsource-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-0:3.1.11-2.el8_0.x86_64",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.i686",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.ppc64le",
            "AppStream-8.0.0.Z.E4S:mariadb-connector-c-devel-debuginfo-0:3.1.11-2.el8_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mysql: C API unspecified vulnerability (CPU Jan 2021)"
    }
  ]
}

cve-2021-2007

Vulnerability from cvelistv5

Published

2021-01-20 14:50

Modified

2024-09-26 18:43

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2021.html	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/	vendor-advisory, x_refsource_FEDORA
	https://security.gentoo.org/glsa/202105-27	vendor-advisory, x_refsource_GENTOO
	https://security.netapp.com/advisory/ntap-20210622-0001/	x_refsource_CONFIRM

Impacted products

▼	Vendor	Product
	Oracle Corporation	MySQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:32:01.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "FEDORA-2021-db50ab62d3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/"
          },
          {
            "name": "FEDORA-2021-b1d1655cef",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/"
          },
          {
            "name": "GLSA-202105-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202105-27"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210622-0001/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-2007",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T17:55:43.060173Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T18:43:30.998Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "5.6.47 and prior"
            },
            {
              "status": "affected",
              "version": "5.7.29 and prior"
            },
            {
              "status": "affected",
              "version": "8.0.19 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of MySQL Client accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-22T08:06:41",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "name": "FEDORA-2021-db50ab62d3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/"
        },
        {
          "name": "FEDORA-2021-b1d1655cef",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/"
        },
        {
          "name": "GLSA-202105-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202105-27"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210622-0001/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2021-2007",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MySQL Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.6.47 and prior"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.7.29 and prior"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.19 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of MySQL Client accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "FEDORA-2021-db50ab62d3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/"
            },
            {
              "name": "FEDORA-2021-b1d1655cef",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/"
            },
            {
              "name": "GLSA-202105-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202105-27"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210622-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210622-0001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2021-2007",
    "datePublished": "2021-01-20T14:50:00",
    "dateReserved": "2020-12-09T00:00:00",
    "dateUpdated": "2024-09-26T18:43:30.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2922

Vulnerability from cvelistv5

Published

2020-04-15 13:29

Modified

2024-09-27 18:50

Severity ?

3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200416-0003/	x_refsource_CONFIRM
	https://usn.ubuntu.com/4350-1/	vendor-advisory, x_refsource_UBUNTU
	https://security.gentoo.org/glsa/202105-27	vendor-advisory, x_refsource_GENTOO

Impacted products

▼	Vendor	Product
	Oracle Corporation	MySQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:23:59.715Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"
          },
          {
            "name": "USN-4350-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4350-1/"
          },
          {
            "name": "GLSA-202105-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202105-27"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2922",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T18:01:08.326913Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T18:50:21.453Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "5.6.47 and prior"
            },
            {
              "status": "affected",
              "version": "5.7.29 and prior"
            },
            {
              "status": "affected",
              "version": "8.0.18 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of MySQL Client accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T11:08:32",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"
        },
        {
          "name": "USN-4350-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4350-1/"
        },
        {
          "name": "GLSA-202105-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202105-27"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2922",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MySQL Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.6.47 and prior"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.7.29 and prior"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.18 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of MySQL Client accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200416-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"
            },
            {
              "name": "USN-4350-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4350-1/"
            },
            {
              "name": "GLSA-202105-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202105-27"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2922",
    "datePublished": "2020-04-15T13:29:52",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-27T18:50:21.453Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2752

Vulnerability from cvelistv5

Published

2020-04-15 13:29

Modified

2024-09-30 15:42

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200416-0003/	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/	vendor-advisory, x_refsource_FEDORA
	https://security.gentoo.org/glsa/202012-08	vendor-advisory, x_refsource_GENTOO
	https://security.gentoo.org/glsa/202105-27	vendor-advisory, x_refsource_GENTOO

Impacted products

▼	Vendor	Product
	Oracle Corporation	MySQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:17:02.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"
          },
          {
            "name": "FEDORA-2020-35f52d9370",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/"
          },
          {
            "name": "openSUSE-SU-2020:0870",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html"
          },
          {
            "name": "FEDORA-2020-ac2d47d89a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/"
          },
          {
            "name": "GLSA-202012-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202012-08"
          },
          {
            "name": "GLSA-202105-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202105-27"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2752",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T15:00:13.789993Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T15:42:25.775Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "5.6.47 and prior"
            },
            {
              "status": "affected",
              "version": "5.7.27 and prior"
            },
            {
              "status": "affected",
              "version": "8.0.17 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T11:06:52",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"
        },
        {
          "name": "FEDORA-2020-35f52d9370",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/"
        },
        {
          "name": "openSUSE-SU-2020:0870",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html"
        },
        {
          "name": "FEDORA-2020-ac2d47d89a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/"
        },
        {
          "name": "GLSA-202012-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202012-08"
        },
        {
          "name": "GLSA-202105-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202105-27"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2752",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MySQL Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.6.47 and prior"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.7.27 and prior"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.17 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200416-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"
            },
            {
              "name": "FEDORA-2020-35f52d9370",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/"
            },
            {
              "name": "openSUSE-SU-2020:0870",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html"
            },
            {
              "name": "FEDORA-2020-ac2d47d89a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/"
            },
            {
              "name": "GLSA-202012-08",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202012-08"
            },
            {
              "name": "GLSA-202105-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202105-27"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2752",
    "datePublished": "2020-04-15T13:29:44",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T15:42:25.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2574

Vulnerability from cvelistv5

Published

2020-01-15 16:34

Modified

2024-09-30 16:33

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200122-0002/	x_refsource_CONFIRM
	https://usn.ubuntu.com/4250-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/4250-2/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2020/09/29/1	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202105-27	vendor-advisory, x_refsource_GENTOO

Impacted products

▼	Vendor	Product
	Oracle Corporation	MySQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:09:54.709Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200122-0002/"
          },
          {
            "name": "USN-4250-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4250-1/"
          },
          {
            "name": "USN-4250-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4250-2/"
          },
          {
            "name": "openSUSE-SU-2020:0289",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html"
          },
          {
            "name": "[oss-security] 20200929 QEMU: NULL pointer derefrence issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/09/29/1"
          },
          {
            "name": "GLSA-202105-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202105-27"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2574",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T15:05:04.106828Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T16:33:42.729Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "5.6.46 and prior"
            },
            {
              "status": "affected",
              "version": "5.7.28 and prior"
            },
            {
              "status": "affected",
              "version": "8.0.18 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T11:06:24",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200122-0002/"
        },
        {
          "name": "USN-4250-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4250-1/"
        },
        {
          "name": "USN-4250-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4250-2/"
        },
        {
          "name": "openSUSE-SU-2020:0289",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html"
        },
        {
          "name": "[oss-security] 20200929 QEMU: NULL pointer derefrence issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/09/29/1"
        },
        {
          "name": "GLSA-202105-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202105-27"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2574",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MySQL Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.6.46 and prior"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.7.28 and prior"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.18 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.9",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200122-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200122-0002/"
            },
            {
              "name": "USN-4250-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4250-1/"
            },
            {
              "name": "USN-4250-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4250-2/"
            },
            {
              "name": "openSUSE-SU-2020:0289",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html"
            },
            {
              "name": "[oss-security] 20200929 QEMU: NULL pointer derefrence issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/09/29/1"
            },
            {
              "name": "GLSA-202105-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202105-27"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2574",
    "datePublished": "2020-01-15T16:34:01",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T16:33:42.729Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-13249

Vulnerability from cvelistv5

Published

2020-05-20 18:48

Modified

2024-08-04 12:11

Severity ?

Summary

libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.

References

▼	URL	Tags
	https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945	x_refsource_MISC
	https://github.com/mariadb-corporation/mariadb-connector-c/compare/v3.1.7...v3.1.8	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00064.html	vendor-advisory, x_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/	vendor-advisory, x_refsource_FEDORA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:19.465Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mariadb-corporation/mariadb-connector-c/compare/v3.1.7...v3.1.8"
          },
          {
            "name": "openSUSE-SU-2020:0738",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00064.html"
          },
          {
            "name": "FEDORA-2020-35f52d9370",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/"
          },
          {
            "name": "openSUSE-SU-2020:0870",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html"
          },
          {
            "name": "FEDORA-2020-ac2d47d89a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-11T02:06:34",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mariadb-corporation/mariadb-connector-c/compare/v3.1.7...v3.1.8"
        },
        {
          "name": "openSUSE-SU-2020:0738",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00064.html"
        },
        {
          "name": "FEDORA-2020-35f52d9370",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/"
        },
        {
          "name": "openSUSE-SU-2020:0870",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html"
        },
        {
          "name": "FEDORA-2020-ac2d47d89a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-13249",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945",
              "refsource": "MISC",
              "url": "https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945"
            },
            {
              "name": "https://github.com/mariadb-corporation/mariadb-connector-c/compare/v3.1.7...v3.1.8",
              "refsource": "MISC",
              "url": "https://github.com/mariadb-corporation/mariadb-connector-c/compare/v3.1.7...v3.1.8"
            },
            {
              "name": "openSUSE-SU-2020:0738",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00064.html"
            },
            {
              "name": "FEDORA-2020-35f52d9370",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/"
            },
            {
              "name": "openSUSE-SU-2020:0870",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html"
            },
            {
              "name": "FEDORA-2020-ac2d47d89a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-13249",
    "datePublished": "2020-05-20T18:48:12",
    "dateReserved": "2020-05-20T00:00:00",
    "dateUpdated": "2024-08-04T12:11:19.465Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhsa-2020_5662

Vulnerability from csaf_redhat

cve-2021-2007

Vulnerability from cvelistv5

cve-2020-2922

Vulnerability from cvelistv5

cve-2020-2752

Vulnerability from cvelistv5

cve-2020-2574

Vulnerability from cvelistv5

cve-2020-13249

Vulnerability from cvelistv5

Tags