OpenCVE

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Fedoraproject	Fedora
Mariadb	Mariadb
Netapp	Oncommand Insight Snapcenter
Oracle	Mysql
Redhat	Enterprise Linux Rhel E4s Rhel Eus Rhel Software Collections

Configuration 1 [-]

OR	cpe:2.3:a:oracle:mysql::::::::
	cpe:2.3:a:oracle:mysql::::::::

Configuration 2 [-]

OR	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:snapcenter:-:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:fedoraproject:fedora:31:::::::*
	cpe:2.3:o:fedoraproject:fedora:32:::::::*
	cpe:2.3:o:fedoraproject:fedora:33:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:mariadb:mariadb::::::::
	cpe:2.3:a:mariadb:mariadb::::::::
	cpe:2.3:a:mariadb:mariadb::::::::
	cpe:2.3:a:mariadb:mariadb::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
mariadb:10.3-8030020201203011231.229f0a1c	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:5500	2020-12-15T00:00:00Z
mysql:8.0-8040020210824134700.522a0ee4	cpe:/a:redhat:enterprise_linux:8	RHSA-2021:3590	2021-09-21T00:00:00Z
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
mariadb:10.3-8000020201221114409.f8e95b4e	cpe:/a:redhat:rhel_e4s:8.0	RHSA-2020:5663	2020-12-22T00:00:00Z
Red Hat Enterprise Linux 8.1 Extended Update Support
mariadb:10.3-8010020201214133427.c27ad7f8	cpe:/a:redhat:rhel_eus:8.1	RHSA-2020:5665	2020-12-22T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
mariadb:10.3-8020020201214133105.4cda2c84	cpe:/a:redhat:rhel_eus:8.2	RHSA-2020:5654	2020-12-22T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-mariadb103-galera-0:25.3.31-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2020:5246	2020-11-30T00:00:00Z
rh-mariadb103-mariadb-3:10.3.27-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2020:5246	2020-11-30T00:00:00Z
rh-mysql80-mysql-0:8.0.26-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2021:3811	2021-10-12T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
rh-mariadb103-galera-0:25.3.31-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2020:5246	2020-11-30T00:00:00Z
rh-mariadb103-mariadb-3:10.3.27-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2020:5246	2020-11-30T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
rh-mariadb103-galera-0:25.3.31-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2020:5246	2020-11-30T00:00:00Z
rh-mariadb103-mariadb-3:10.3.27-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2020:5246	2020-11-30T00:00:00Z
rh-mysql80-mysql-0:8.0.26-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2021:3811	2021-10-12T00:00:00Z

References

Link	Providers
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/
https://nvd.nist.gov/vuln/detail/CVE-2020-14776
https://security.gentoo.org/glsa/202105-27
https://security.netapp.com/advisory/ntap-20201023-0003/
https://www.cve.org/CVERecord?id=CVE-2020-14776
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL

History

Thu, 26 Sep 2024 21:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2020-10-21T14:04:24

Updated: 2024-09-26T20:25:07.299Z

Reserved: 2020-06-19T00:00:00

Link: CVE-2020-14776

Vulnrichment

Updated: 2024-08-04T12:53:43.281Z

NVD

Status : Modified

Published: 2020-10-21T15:15:17.953

Modified: 2024-11-21T05:04:07.780

Link: CVE-2020-14776

Redhat

Severity : Moderate

Publid Date: 2020-10-20T00:00:00Z

Links: CVE-2020-14776 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object