ALPINE-CVE-2016-6662
- Source
- https://security.alpinelinux.org/vuln/CVE-2016-6662
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2016-6662.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2016-6662
- Upstream
- Published
- 2016-09-20T18:59:00Z
- Modified
- 2025-09-25T23:52:04.117214Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting generallogfile to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
- References
Affected packages
Alpine:v3.2 / mariadb
Package
- Name
- mariadb
- Purl
- pkg:apk/alpine/mariadb?arch=source