CVE-2020-2812

描述

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

如何修補 CVE-2020-2812

要修補 CVE-2020-2812,請將受影響套件升級到下列已修補版本。

• —升級至 10.3.23-r0 或更新版本
• —升級至 5.5.68 或更新版本
• —升級至 5.5.68 或更新版本
• —升級至 5.5.68 或更新版本

CVE-2020-2812 正在被利用嗎?

低 — EPSS 為 0.1%,目前沒有觀察到大規模利用活動。

受影響套件(4)

• from 0, < 10.3.23-r0
• >= 5.5.0, < 5.5.68, >= 10.1.0, < 10.1.45, >= 10.2.0, < 10.2.32, >= 10.3.0, < 10.3.23, >= 10.4.0, < 10.4.13
• >= 5.5.0, < 5.5.68, >= 10.1.0, < 10.1.45, >= 10.2.0, < 10.2.32, >= 10.3.0, < 10.3.23, >= 10.4.0, < 10.4.13
• >= 5.5.0, < 5.5.68, >= 10.1.0, < 10.1.45, >= 10.2.0, < 10.2.32, >= 10.3.0, < 10.3.23, >= 10.4.0, < 10.4.13

CVSS 分數

參考連結(13)

• ADVISORYsecurity.alpinelinux.org/vuln/CVE-2020-2812
• WEBlists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html
• WEBlists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/
• WEB