CVE-2018-2640
- Source
- https://cve.org/CVERecord?id=CVE-2018-2640
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-2640.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-2640
- Downstream
- Related
- Published
- 2018-01-18T02:29:20.947Z
- Modified
- 2026-04-11T11:39:50.817504Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
- References
-
- http://www.securitytracker.com/id/1040216
- https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html
- https://usn.ubuntu.com/3537-1/
- https://www.debian.org/security/2018/dsa-4341
- https://access.redhat.com/errata/RHSA-2018:0586
- https://access.redhat.com/errata/RHSA-2018:2439
- https://access.redhat.com/errata/RHSA-2019:1258
- https://security.netapp.com/advisory/ntap-20180117-0002/
- https://www.debian.org/security/2018/dsa-4091
- https://access.redhat.com/errata/RHSA-2018:2729
- https://usn.ubuntu.com/3537-2/
- http://www.securityfocus.com/bid/102678
- https://access.redhat.com/errata/RHSA-2018:0587
- https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Affected packages
Git / github.com/mariadb/server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mariadb/server
- Events
- Database specific
{ "versions": [ { "introduced": "10.0.0" }, { "fixed": "10.0.34" }, { "introduced": "10.1.0" }, { "fixed": "10.1.31" }, { "introduced": "10.2.0" }, { "fixed": "10.2.13" } ] }
- Type
- GIT
- Repo
- https://github.com/mysql/mysql-server
- Events
-
IntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "5.5.0" }, { "last_affected": "5.5.58" }, { "introduced": "5.6.0" }, { "last_affected": "5.6.38" }, { "introduced": "5.7.0" }, { "last_affected": "5.7.20" }, { "introduced": "5.5.0" }, { "fixed": "5.5.59" }, { "introduced": "0" }, { "last_affected": "8.0" }, { "introduced": "0" }, { "last_affected": "9.0" }, { "introduced": "0" }, { "last_affected": "7.5" } ] }
Affected versions
mariadb-10.*
mariadb-10.1.0
mariadb-10.1.10
mariadb-10.1.11
mariadb-10.1.12
mariadb-10.1.13
mariadb-10.1.14
mariadb-10.1.15
mariadb-10.1.16
mariadb-10.1.17
mariadb-10.1.18
mariadb-10.1.19
mariadb-10.1.2
mariadb-10.1.20
mariadb-10.1.21
mariadb-10.1.22
mariadb-10.1.23
mariadb-10.1.24
mariadb-10.1.25
mariadb-10.1.26
mariadb-10.1.27
mariadb-10.1.28
mariadb-10.1.29
mariadb-10.1.3
mariadb-10.1.30
mariadb-10.1.4
mariadb-10.1.5
mariadb-10.1.6
mariadb-10.1.7
mariadb-10.1.8
mariadb-10.1.9
mariadb-10.2.0
mariadb-10.2.1
mariadb-10.2.10
mariadb-10.2.11
mariadb-10.2.12
mariadb-10.2.2
mariadb-10.2.5
mysql-3.*
mysql-3.23.22-beta
mysql-3.23.28-gamma
mysql-3.23.30-gamma
mysql-3.23.31
mysql-3.23.32
mysql-3.23.33
mysql-3.23.36
mysql-4.*
mysql-4.0.2
mysql-4.0.4
mysql-5.*
mysql-5.1.4
mysql-5.5.15
mysql-5.5.19
mysql-5.5.23
mysql-5.5.25
mysql-5.5.27
mysql-5.5.44
mysql-5.5.47
mysql-5.5.49
mysql-5.5.58
mysql-5.6.38
mysql-5.7.20
mysql-8.*
mysql-8.0.0
mysql-9.*
mysql-9.0.0
mysql-9.0.0-release
mysql-cluster-7.*
mysql-cluster-7.5.0
mysql-cluster-9.*
mysql-cluster-9.0.0
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "17.10"
}
]
},
{
"events": [
{
"introduced": "7.3"
}
]
},
{
"events": [
{
"introduced": "9.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
}
]
vanir_signatures_modified
"2026-04-11T11:39:50Z"
vanir_signatures
[
{
"deprecated": false,
"target": {
"file": "storage/innobase/fsp/fsp0file.cc",
"function": "Datafile::restore_from_doublewrite"
},
"id": "CVE-2018-2640-35955af8",
"signature_type": "Function",
"source": "https://github.com/mariadb/server/commit/00f0c039d2f4213ccf0a0202349ecb162a799989",
"signature_version": "v1",
"digest": {
"function_hash": "130605097230749778694010073870346686670",
"length": 1054.0
}
},
{
"deprecated": false,
"target": {
"file": "storage/innobase/os/os0file.cc",
"function": "os_file_write_func"
},
"id": "CVE-2018-2640-63cb60d2",
"signature_type": "Function",
"source": "https://github.com/mariadb/server/commit/00f0c039d2f4213ccf0a0202349ecb162a799989",
"signature_version": "v1",
"digest": {
"function_hash": "225684029145934870115777883669100534248",
"length": 960.0
}
},
{
"deprecated": false,
"target": {
"file": "storage/innobase/handler/ha_innodb.cc"
},
"id": "CVE-2018-2640-73c034dd",
"signature_type": "Line",
"source": "https://github.com/mariadb/server/commit/00f0c039d2f4213ccf0a0202349ecb162a799989",
"signature_version": "v1",
"digest": {
"line_hashes": [
"270860312524047975223998427597379069133",
"138700069694352925751092711221965681083",
"73177570771323724918039668023285208338",
"334316589423847422718539826515170429787"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"target": {
"file": "storage/innobase/fsp/fsp0file.cc"
},
"id": "CVE-2018-2640-74431fcb",
"signature_type": "Line",
"source": "https://github.com/mariadb/server/commit/00f0c039d2f4213ccf0a0202349ecb162a799989",
"signature_version": "v1",
"digest": {
"line_hashes": [
"142954440393337238364499438551411317676",
"222393189091191459111113825646834264347",
"218786519671436864181379588620900852574",
"47343729200658771295506502538095007608",
"114042143539907191956327849716988713876"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"target": {
"file": "storage/innobase/log/log0recv.cc"
},
"id": "CVE-2018-2640-79f1104b",
"signature_type": "Line",
"source": "https://github.com/mariadb/server/commit/00f0c039d2f4213ccf0a0202349ecb162a799989",
"signature_version": "v1",
"digest": {
"line_hashes": [
"185075245068664039325029482465215810291",
"332123619142345873462417961515224028149",
"279792484854263699879640871403809161912",
"26110594930125329989886054578182194610"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"target": {
"file": "extra/mariabackup/xtrabackup.cc",
"function": "xtrabackup_backup_func"
},
"id": "CVE-2018-2640-84ac66cb",
"signature_type": "Function",
"source": "https://github.com/mariadb/server/commit/00f0c039d2f4213ccf0a0202349ecb162a799989",
"signature_version": "v1",
"digest": {
"function_hash": "316540848342180118779221857666050078639",
"length": 9466.0
}
},
{
"deprecated": false,
"target": {
"file": "storage/innobase/fsp/fsp0sysspace.cc"
},
"id": "CVE-2018-2640-93e2b7d3",
"signature_type": "Line",
"source": "https://github.com/mariadb/server/commit/00f0c039d2f4213ccf0a0202349ecb162a799989",
"signature_version": "v1",
"digest": {
"line_hashes": [
"36077434821275875247811855456353572105",
"160581400765285351176714843658421363508",
"766346996563297499073672373392412876",
"211150773200112696487715150603501049777"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"target": {
"file": "storage/innobase/log/log0recv.cc",
"function": "recv_init_crash_recovery_spaces"
},
"id": "CVE-2018-2640-9a1f1e99",
"signature_type": "Function",
"source": "https://github.com/mariadb/server/commit/00f0c039d2f4213ccf0a0202349ecb162a799989",
"signature_version": "v1",
"digest": {
"function_hash": "68988844885919766892113874866915131823",
"length": 2117.0
}
},
{
"deprecated": false,
"target": {
"file": "extra/mariabackup/xtrabackup.cc",
"function": "xb_load_tablespaces"
},
"id": "CVE-2018-2640-9ed06d3d",
"signature_type": "Function",
"source": "https://github.com/mariadb/server/commit/00f0c039d2f4213ccf0a0202349ecb162a799989",
"signature_version": "v1",
"digest": {
"function_hash": "61688056747625301825107397785610625027",
"length": 1435.0
}
},
{
"deprecated": false,
"target": {
"file": "extra/mariabackup/xtrabackup.cc"
},
"id": "CVE-2018-2640-c8156020",
"signature_type": "Line",
"source": "https://github.com/mariadb/server/commit/00f0c039d2f4213ccf0a0202349ecb162a799989",
"signature_version": "v1",
"digest": {
"line_hashes": [
"10836350722366508992115719304931899919",
"313172078672241696523004237139405359507",
"127803409878542658969602070866683137262",
"50652555589067442011188990995813019082",
"283928848828838093908684271187431787106",
"299074893176668912988681797415969708150",
"6321873636136299859751854381117970802",
"324440987259170321930944114802905990638",
"173258812540214653539287437580893304143"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"target": {
"file": "storage/innobase/include/fsp0file.h"
},
"id": "CVE-2018-2640-d7da5a49",
"signature_type": "Line",
"source": "https://github.com/mariadb/server/commit/00f0c039d2f4213ccf0a0202349ecb162a799989",
"signature_version": "v1",
"digest": {
"line_hashes": [
"75278074706413613809406016363572072456",
"137935962809119759940085893828396599894",
"264338671440348818089795647450576095197",
"205375926455532591392422900073845632398",
"108292044452921360659566642416443155746"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"target": {
"file": "storage/innobase/handler/ha_innodb.cc",
"function": "innodb_make_page_dirty"
},
"id": "CVE-2018-2640-dd1d00db",
"signature_type": "Function",
"source": "https://github.com/mariadb/server/commit/00f0c039d2f4213ccf0a0202349ecb162a799989",
"signature_version": "v1",
"digest": {
"function_hash": "245222482251486452532970526960647548905",
"length": 742.0
}
},
{
"deprecated": false,
"target": {
"file": "storage/innobase/fsp/fsp0sysspace.cc",
"function": "SysTablespace::read_lsn_and_check_flags"
},
"id": "CVE-2018-2640-edef8987",
"signature_type": "Function",
"source": "https://github.com/mariadb/server/commit/00f0c039d2f4213ccf0a0202349ecb162a799989",
"signature_version": "v1",
"digest": {
"function_hash": "120134255564222204347753978400896185616",
"length": 1114.0
}
},
{
"deprecated": false,
"target": {
"file": "storage/innobase/os/os0file.cc"
},
"id": "CVE-2018-2640-f5650a73",
"signature_type": "Line",
"source": "https://github.com/mariadb/server/commit/00f0c039d2f4213ccf0a0202349ecb162a799989",
"signature_version": "v1",
"digest": {
"line_hashes": [
"215992549750288932437508368358727087603",
"216474942203275196967132544327490846901",
"39406859376278680657854698126409261900",
"7697263132410919682525481477251438694",
"57904983498328393684578034683468974781"
],
"threshold": 0.9
}
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-2640.json"