What is CVE-2016-6662?

CVE-2016-6662 is a critical-severity vulnerability in Mariadb, classified under CWE-264. CVSS score: 9.8/10. Published 2016-09-20.

How severe is CVE-2016-6662?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2016-6662 known to be exploited?

24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mariadb

CVE-2016-6662

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-…

EPSS: 0.896 (99.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Mariadb
Oracle Mysql
Percona Percona_server
Debian Debian_linux — versions 8.0
Redhat Enterprise_linux — versions 7.0
Redhat Enterprise_linux_desktop — versions 6.0, 7.0
Redhat Enterprise_linux_server — versions 6.0
Redhat Enterprise_linux_server_aus — versions 7.3, 7.4, 7.6
Redhat Enterprise_linux_server_eus — versions 7.3, 7.4, 7.5
Redhat Enterprise_linux_server_tus — versions 7.3, 7.6

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_CONFIRM, Release Notes, Vendor Advisory)
RHSA-2016:2749 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
RHSA-2017:0184 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
RHSA-2016:2131 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
RHSA-2016:2060 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Release Notes, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Release Notes, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
92912 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) (mailing-list, x_refsource_FULLDISC, Mailing List, Third Party Advisory)

Frequently asked questions

What is CVE-2016-6662?: CVE-2016-6662 is a critical-severity vulnerability in Mariadb, classified under CWE-264. CVSS score: 9.8/10. Published 2016-09-20.
How severe is CVE-2016-6662?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2016-6662 known to be exploited?: 24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.