Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
{ "vanir_signatures": [ { "deprecated": false, "target": { "function": "ha_myisam::repair", "file": "storage/myisam/ha_myisam.cc" }, "source": "https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291", "signature_type": "Function", "id": "CVE-2016-6663-012dd5ec", "signature_version": "v1", "digest": { "function_hash": "276458813327328109121598275008083856050", "length": 3646.0 } }, { "deprecated": false, "target": { "file": "storage/myisam/myisamchk.c" }, "source": "https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291", "signature_type": "Line", "id": "CVE-2016-6663-0e9b3c17", "signature_version": "v1", "digest": { "line_hashes": [ "156747042709335812239404857506504410227", "231013385882616307362406484768393737594", "247960275209919284425338247079266469796", "94807745408925440267731616078773576765", "292954708868220498858023134167179854521", "215260897919776134769321196844271116522", "327128402110047950727104259926443580298", "37976955491392340010177804303314394070", "31315364733805639904528875242370861535", "23636445271699933478695614301336166186", "142715726683166353606659931262966719615", "113692683138749293938330979319571407078", "239600725090668646360398799798242750812", "141812422202096306878564551066768604157", "116236903139257876953709171425674968247", "142977855023063429113069970929363690371", "247339910353859068544950836473596706959", "184380523307018949517664805909490614929", "235176238933677209035163335589649113259", "122545716063765501173559697396925000324", "253637046813155317159809229205987279491", "64543028489523349328242021984464194566" ], "threshold": 0.9 } }, { "deprecated": false, "target": { "file": "mysys/my_redel.c" }, "source": "https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291", "signature_type": "Line", "id": "CVE-2016-6663-11f3a337", "signature_version": "v1", "digest": { "line_hashes": [ "268840939935663536748212081556785947708", "13213608670944391593977601682863524932", "42022673281319839518881425877770538409", "295567922588273038243547834376047814269", "83732096556387150274615466118948077612", "175667979982943242943117294983431153901", "110041368375643820379187479017862529507", "53656702135187289377974439619392192524", "255265863849625929265871632865269432141" ], "threshold": 0.9 } }, { "deprecated": false, "target": { "function": "mi_repair_parallel", "file": "storage/myisam/mi_check.c" }, "source": "https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291", "signature_type": "Function", "id": "CVE-2016-6663-167b6f87", "signature_version": "v1", "digest": { "function_hash": "46874045325073224765921741163584709623", "length": 11518.0 } }, { "deprecated": false, "target": { "function": "init_common_variables", "file": "sql/mysqld.cc" }, "source": "https://github.com/mariadb/server/commit/347eeefbfc658c8531878218487d729f4e020805", "signature_type": "Function", "id": "CVE-2016-6663-2c19b237", "signature_version": "v1", "digest": { "function_hash": "262319326199199505806627401201410805668", "length": 10175.0 } }, { "deprecated": false, "target": { "function": "my_redel", "file": "mysys/my_redel.c" }, "source": "https://github.com/mariadb/server/commit/347eeefbfc658c8531878218487d729f4e020805", "signature_type": "Function", "id": "CVE-2016-6663-438ab69b", "signature_version": "v1", "digest": { "function_hash": "195743337054551639795236640843175325462", "length": 606.0 } }, { "deprecated": false, "target": { "file": "storage/myisam/ha_myisam.cc" }, "source": "https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291", "signature_type": "Line", "id": "CVE-2016-6663-44bbbc2d", "signature_version": "v1", "digest": { "line_hashes": [ "201283705635448754132665265188137671436", "296613805033232843133488841355618131989", "290770581976157747597936953687005700797", "317483574090711288141675573838371935383", "262932596244079193037138873302489472737", "308096480134062339759336998302812093359", "40944838731279728717127484440448346577", "90094137937071722639769174500675293628", "46660997083066777924122253589500738189", "172888075596071902319285000092358078749", "233306842955875534311349834496105153115", "303679630009499061330904604992622401246", "144549355972847195092265270391635486169", "20065455137261511726590167784347669069", "333074141710635353878506192750459148821", "321017884568555509413173745507597882333", "170112018022462286709138612090632562697", "52922199001493150231444090786513723373", "213376804200464258068302637584522433408", "251655547742885122498324756722412316001", "312853271227260979379390432731718380101", "318406103170310980244111911490146690437", "288329711256206745116934964892715884557", "171186147284461007665833970668839574649", "239213191362046514061273544163485135424", "131758108625120550413011234646016509642" ], "threshold": 0.9 } }, { "deprecated": false, "target": { "file": "mysys/my_redel.c" }, "source": "https://github.com/mariadb/server/commit/347eeefbfc658c8531878218487d729f4e020805", "signature_type": "Line", "id": "CVE-2016-6663-5aa320be", "signature_version": "v1", "digest": { "line_hashes": [ "124687595909785567538765188232277988973", "83732096556387150274615466118948077612", "175667979982943242943117294983431153901", "110041368375643820379187479017862529507", "53656702135187289377974439619392192524" ], "threshold": 0.9 } }, { "deprecated": false, "target": { "file": "include/my_sys.h" }, "source": "https://github.com/mariadb/server/commit/347eeefbfc658c8531878218487d729f4e020805", "signature_type": "Line", "id": "CVE-2016-6663-7e57670c", "signature_version": "v1", "digest": { "line_hashes": [ "204857641822545259624692295957400965273", "241881475509794065742202524545529865730", "220867298038812200121245944278101602115", "42781184582441300900379110056144557069", "140077583051860542236562203061000408419" ], "threshold": 0.9 } }, { "deprecated": false, "target": { "file": "storage/myisam/mi_check.c" }, "source": "https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291", "signature_type": "Line", "id": "CVE-2016-6663-971f3d65", "signature_version": "v1", "digest": { "line_hashes": [ "42699215182813791121012285968399685361", "283887813584854565888691497417157357180", "308992967462514548775190287933262992961", "280213325654104366914780866890144815731", "248980031459596922128253564143995866701", "250986292032979828544759821855331057500", "288927712402439027009706396030426905626", "53705054678198983521367532665957133835", "273747095159405045276183622443483707691", "113669133169273756262663631928872551246", "168603377781963905516781435422178458369", "232225171802750388073270099573340958989", "69585755261622533388702614730225336173", "95342301640158575961657907622925632951", "315458012847417631193154885912884424542", "12131081452139921587499998896789555826", "277487103031690622320806890007182892316", "186602220244811639594054663138278008748", "173087997298978807669800251024279931962", "222255978478241429711298864436308573805", "177323726636066859717087707310528106480", "287299628530470010984044338728657069257", "133595270542946639628781352467207623188", "13827795013520703108712237620662592313", "76401467057788038773742128719613617138", "128504660564266791888306851137419797961", "208363716006632155423818890780186475368", "250986292032979828544759821855331057500", "288927712402439027009706396030426905626", "53705054678198983521367532665957133835", "134882972019238768994021430152751346849", "226157148384397825808416733684846808501", "44198304063688099870505427636626043103", "232225171802750388073270099573340958989", "69585755261622533388702614730225336173", "89863585585117615111631960149423304978", "170211683214940972715656533162695208785", "226905967229131781338309747750819999242", "189019889339060272823930724907516586024", "251287378081451584581669384615429917886", "182233386314124646865893770141230208085", "250986292032979828544759821855331057500", "288927712402439027009706396030426905626", "53705054678198983521367532665957133835", "134882972019238768994021430152751346849", "226157148384397825808416733684846808501", "44198304063688099870505427636626043103", "232225171802750388073270099573340958989", "69585755261622533388702614730225336173", "89863585585117615111631960149423304978" ], "threshold": 0.9 } }, { "deprecated": false, "target": { "function": "my_redel", "file": "mysys/my_redel.c" }, "source": "https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291", "signature_type": "Function", "id": "CVE-2016-6663-a4ab53e0", "signature_version": "v1", "digest": { "function_hash": "292832109208458826524827815740674481880", "length": 694.0 } }, { "deprecated": false, "target": { "file": "include/myisam.h" }, "source": "https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291", "signature_type": "Line", "id": "CVE-2016-6663-a7ba197e", "signature_version": "v1", "digest": { "line_hashes": [ "52191238680556084602184331467585717316", "165500393937282181612836691971469098274", "199298288664273736627721031451492543318", "184926282695259036073269894408201576817", "12484044925468655610656013300142054402", "172054397009567870522721359562446896055", "202249256637765096405274741918339176252", "261386577292418474757752630291786559818", "318757889588542971244826735996883594616", "120795515728839937243591388654352490317" ], "threshold": 0.9 } }, { "deprecated": false, "target": { "function": "myisamchk", "file": "storage/myisam/myisamchk.c" }, "source": "https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291", "signature_type": "Function", "id": "CVE-2016-6663-a8a47b33", "signature_version": "v1", "digest": { "function_hash": "161807721212549749744447256380498804981", "length": 11412.0 } }, { "deprecated": false, "target": { "function": "mi_sort_index", "file": "storage/myisam/mi_check.c" }, "source": "https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291", "signature_type": "Function", "id": "CVE-2016-6663-abcb229c", "signature_version": "v1", "digest": { "function_hash": "60193803830240735526068407873093331498", "length": 2846.0 } }, { "deprecated": false, "target": { "file": "mysys/my_static.c" }, "source": "https://github.com/mariadb/server/commit/347eeefbfc658c8531878218487d729f4e020805", "signature_type": "Line", "id": "CVE-2016-6663-dbd7e0a8", "signature_version": "v1", "digest": { "line_hashes": [ "81496441030339131816656121845420665094", "302625491858400971457234939451495549748", "6827239584925624247613973362449513601" ], "threshold": 0.9 } }, { "deprecated": false, "target": { "function": "mi_repair_by_sort", "file": "storage/myisam/mi_check.c" }, "source": "https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291", "signature_type": "Function", "id": "CVE-2016-6663-df2b0ca8", "signature_version": "v1", "digest": { "function_hash": "30622865852041770431449650785887601474", "length": 10095.0 } }, { "deprecated": false, "target": { "file": "sql/mysqld.cc" }, "source": "https://github.com/mariadb/server/commit/347eeefbfc658c8531878218487d729f4e020805", "signature_type": "Line", "id": "CVE-2016-6663-e13387dd", "signature_version": "v1", "digest": { "line_hashes": [ "113653453795459072047227819278406290569", "205000405171199861407951977585919257745", "235516704714933514093155642919855990104", "226523148360695621250871189521955661104" ], "threshold": 0.9 } }, { "deprecated": false, "target": { "function": "mi_repair", "file": "storage/myisam/mi_check.c" }, "source": "https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291", "signature_type": "Function", "id": "CVE-2016-6663-eb8b92a0", "signature_version": "v1", "digest": { "function_hash": "299749847910497993900732133731634673449", "length": 7360.0 } } ] }