{"id":"CVE-2018-3063","details":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","modified":"2026-04-16T01:40:20.539152393Z","published":"2018-07-18T13:29:07.803Z","related":["SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","SUSE-SU-2018:2411-1","SUSE-SU-2018:3972-1","SUSE-SU-2018:4211-1","SUSE-SU-2019:0555-1","SUSE-SU-2019:0628-1","SUSE-SU-2019:1441-1","SUSE-SU-2019:2048-1","openSUSE-SU-2019:0327-1"],"references":[{"type":"WEB","url":"http://www.securitytracker.com/id/1041294"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104786"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041294"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1258"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2327"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20180726-0002/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3725-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3725-2/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4341"},{"type":"FIX","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"20ae591abd0bfe1bfaee546989ee163f4ef832b1"},{"fixed":"ca26f91bcaa21933147974c823852a2e1c2e2bd7"},{"introduced":"776555af021e917ce0d6235386b43ae59fdd5161"},{"fixed":"e023f9a4d5a620b54d7f7132567150d80b630692"},{"introduced":"9664240c948a92c22ccda0e1f5a420eb776ddcb1"},{"fixed":"5553d3f1f691a374124686946bd1f1cc4ef9fb45"},{"introduced":"b11c4651917bd4472ea8837c64e6d1072a2a19e9"},{"fixed":"50c426200224a4527e84052aa2ab32be893f43f4"},{"introduced":"f954e4bfae9a9723d33e05e4035e3c5a5e8d43d9"},{"fixed":"e88e26b4242e1c030bb138fca7ea2c916dbe6a76"}]}],"versions":["mariadb-10.0.31","mariadb-10.0.32","mariadb-10.0.33","mariadb-10.0.34","mariadb-10.0.35","mariadb-10.0.36","mariadb-10.1.23","mariadb-10.1.24","mariadb-10.1.25","mariadb-10.1.26","mariadb-10.1.27","mariadb-10.1.28","mariadb-10.1.29","mariadb-10.1.30","mariadb-10.1.31","mariadb-10.1.32","mariadb-10.1.33","mariadb-10.1.34","mariadb-10.2.10","mariadb-10.2.11","mariadb-10.2.12","mariadb-10.2.13","mariadb-10.2.14","mariadb-10.2.15","mariadb-10.2.16","mariadb-10.2.6","mariadb-10.2.7","mariadb-10.2.8","mariadb-10.2.9","mariadb-10.3.0","mariadb-10.3.1","mariadb-10.3.2","mariadb-10.3.3","mariadb-10.3.4","mariadb-10.3.5","mariadb-10.3.6","mariadb-10.3.7","mariadb-10.3.8","mariadb-5.5.55","mariadb-5.5.56","mariadb-5.5.57","mariadb-5.5.58","mariadb-5.5.59","mariadb-5.5.60","mariadb-5.5.61","mariadb-galera-10.0.30","mariadb-galera-10.0.31","mariadb-galera-10.0.32","mariadb-galera-10.0.33","mariadb-galera-10.0.34","mariadb-galera-10.0.35","mariadb-galera-5.5.52","mariadb-galera-5.5.53","mariadb-galera-5.5.54","mariadb-galera-5.5.55","mariadb-galera-5.5.56","mariadb-galera-5.5.57","mariadb-galera-5.5.58","mariadb-galera-5.5.59","mariadb-galera-5.5.60","mysql-5.5.55","mysql-5.5.56","mysql-5.5.57","mysql-5.5.58","mysql-5.5.59","mysql-5.5.60","mysql-5.5.61"],"database_specific":{"vanir_signatures":[{"id":"CVE-2018-3063-38db3c82","target":{"function":"Alter_table_statement::execute","file":"sql/sql_alter.cc"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/mariadb/server/commit/e88e26b4242e1c030bb138fca7ea2c916dbe6a76","deprecated":false,"digest":{"function_hash":"198323949681230082960072275235774099598","length":2555}},{"digest":{"line_hashes":["201554446678842728518362786749773466117","285586792789480776296921926559173627308","256375645109633406562912092325276607142","40071459866445731179887149761186882186","156111823093898025938852632112349367221"],"threshold":0.9},"target":{"file":"sql/sql_alter.cc"},"deprecated":false,"signature_version":"v1","source":"https://github.com/mariadb/server/commit/e88e26b4242e1c030bb138fca7ea2c916dbe6a76","id":"CVE-2018-3063-5e1b63fa","signature_type":"Line"},{"id":"CVE-2018-3063-c7d63e12","target":{"function":"ha_sphinx::create","file":"storage/sphinx/ha_sphinx.cc"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/mariadb/server/commit/50c426200224a4527e84052aa2ab32be893f43f4","deprecated":false,"digest":{"function_hash":"212715881248758194619613885069756850581","length":3204}},{"id":"CVE-2018-3063-fd9a5a54","target":{"file":"storage/sphinx/ha_sphinx.cc"},"signature_version":"v1","signature_type":"Line","source":"https://github.com/mariadb/server/commit/50c426200224a4527e84052aa2ab32be893f43f4","deprecated":false,"digest":{"line_hashes":["249570897828672210811035826591486207304","322223126166962698284273532715400319885","270290635075884075638435410358092034776","297141217069259403319068516826314832701"],"threshold":0.9}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-3063.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/mysql/mysql-server","events":[{"introduced":"54df0057e18d8c82c23fbd4e0bf5b5dc2e762955"},{"fixed":"e48d775c6f066add457fa8cfb2ebc4d5ff0c7613"}]}],"versions":["mysql-5.0.87sp1","mysql-5.0.90","mysql-5.0.91","mysql-5.0.92","mysql-5.0.93","mysql-5.0.94","mysql-5.0.95","mysql-5.0.96","mysql-5.1.40sp1","mysql-5.1.41","mysql-5.1.42","mysql-5.1.43","mysql-5.1.43sp1","mysql-5.1.44","mysql-5.1.45","mysql-5.1.46","mysql-5.1.46sp1","mysql-5.1.47","mysql-5.1.48","mysql-5.1.49","mysql-5.1.49sp1","mysql-5.1.50","mysql-5.1.51","mysql-5.1.52","mysql-5.1.52sp1","mysql-5.1.53","mysql-5.1.54","mysql-5.1.55","mysql-5.1.56","mysql-5.1.57","mysql-5.1.58","mysql-5.1.59","mysql-5.1.60","mysql-5.1.61","mysql-5.1.62","mysql-5.1.63","mysql-5.1.65","mysql-5.1.66","mysql-5.1.67","mysql-5.1.68","mysql-5.1.69","mysql-5.1.69-retag","mysql-5.1.70","mysql-5.1.71","mysql-5.1.72","mysql-5.1.73","mysql-5.1.74","mysql-5.1.75","mysql-5.1.76","mysql-5.1.77","mysql-5.5.0","mysql-5.5.1-m2","mysql-5.5.10","mysql-5.5.11","mysql-5.5.12","mysql-5.5.13","mysql-5.5.14","mysql-5.5.15","mysql-5.5.16","mysql-5.5.17","mysql-5.5.18","mysql-5.5.19","mysql-5.5.2-m2","mysql-5.5.20","mysql-5.5.21","mysql-5.5.22","mysql-5.5.23","mysql-5.5.24","mysql-5.5.25","mysql-5.5.25a","mysql-5.5.27","mysql-5.5.28","mysql-5.5.29","mysql-5.5.3-m3","mysql-5.5.30","mysql-5.5.31","mysql-5.5.32","mysql-5.5.33","mysql-5.5.34","mysql-5.5.35","mysql-5.5.36","mysql-5.5.37","mysql-5.5.38","mysql-5.5.39","mysql-5.5.40","mysql-5.5.41","mysql-5.5.42","mysql-5.5.43","mysql-5.5.44","mysql-5.5.45","mysql-5.5.46","mysql-5.5.47","mysql-5.5.48","mysql-5.5.49","mysql-5.5.5-m3","mysql-5.5.50","mysql-5.5.51","mysql-5.5.52","mysql-5.5.53","mysql-5.5.54","mysql-5.5.55","mysql-5.5.56","mysql-5.5.57","mysql-5.5.58","mysql-5.5.59","mysql-5.5.6-rc","mysql-5.5.60","mysql-5.5.7","mysql-5.5.8","mysql-5.5.9"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","target":{"file":"sql-common/client.c"},"signature_type":"Line","id":"CVE-2018-3063-03b72084","source":"https://github.com/mysql/mysql-server/commit/e48d775c6f066add457fa8cfb2ebc4d5ff0c7613","deprecated":false,"digest":{"line_hashes":["78191142045503767829834019020932019650","250157719937173868004615858289264688140","312170375706132797718465719883724591296","15117071355854376419182426407334479680","140920309514825384561268578794081140775","130933521110411440899075290412605664940","28770826883863233939468445958714821618","49331132400223798885681869446783630656"],"threshold":0.9}},{"deprecated":false,"target":{"function":"cli_read_rows","file":"sql-common/client.c"},"signature_type":"Function","signature_version":"v1","source":"https://github.com/mysql/mysql-server/commit/e48d775c6f066add457fa8cfb2ebc4d5ff0c7613","id":"CVE-2018-3063-96a3e3de","digest":{"function_hash":"30804943894516639331708306752096632231","length":2052}},{"id":"CVE-2018-3063-e5eeae5c","target":{"function":"unpack_fields","file":"sql-common/client.c"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/mysql/mysql-server/commit/e48d775c6f066add457fa8cfb2ebc4d5ff0c7613","deprecated":false,"digest":{"function_hash":"88964842003053574630259804416355278302","length":3281}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-3063.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}]}