
Novel Contributions to the field - How I broke MySQL's code-base (Part 2) [CVE-2016-5541] MySQL cluster remote 0day

Copyright (c) 2017, Advanced Information Security Corp / Oracle Inc.


This industry-led research was conducted by Advanced Information
Security jointly with Oracle Corporation. The CVE assigned for the
MySQL Cluster issues is CVE-2016-5541. This security research
identified multiple zero-day vulnerabilities affecting the 'MySQL
Protocol' protocol. Feasibility of exploitation is remote &

The vulnerability can be exploited over the 'MySQL Protocol' protocol.
The 'Cluster: NDBAPI' sub component can be exploited.


Oracle MySQL Cluster 7.4.12
Oracle MySQL Cluster 7.4.5
Oracle MySQL Cluster 7.3.14
Oracle MySQL Cluster 7.3.8
Oracle MySQL Cluster 7.2.26
Oracle MySQL Cluster 7.2.25
Oracle MySQL Cluster 7.2.19

A full report can be obtained from


[1]  Oracle Critical Patch Update - January 2017. 2017. Oracle
Critical Patch Update - January 2017. [ONLINE] Available at: