Multiple vulnerabilities in MySQL Workbench
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2020-1730 CVE-2020-1967 |
| CWE-ID | CWE-399 CWE-476 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
MySQL Workbench Universal components / Libraries / Software for developers |
| Vendor | Oracle |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU26756
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-1730
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource management while cleaning the AES-CTR ciphers when closing the connection. A remote attacker can initiate a connection to the client and server that supports AES-CTR ciphers and close the connection before ciphers are initialized, triggering a denial of service condition (service crash). The vulnerability affects both client and server implementations.
Install update from vendor's website.
Vulnerable software versionsMySQL Workbench: 8.0.11 - 8.0.21
CPE2.3- cpe:2.3:a:oracle:mysql_workbench:8.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_workbench:8.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_workbench:8.0.13:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpuoct2020.html?62416
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU27061
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2020-1967
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the SSL_check_chain() function during or after a TLS 1.3 handshake. A remote attacker can send an invalid or unrecognised signature algorithm and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsMySQL Workbench: 8.0.11 - 8.0.21
CPE2.3- cpe:2.3:a:oracle:mysql_workbench:8.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_workbench:8.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_workbench:8.0.13:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpuoct2020.html?62416
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
