CVE-2016-6663

HIGH

Oracle MySQL <5.5.52, 5.6.x <5.6.33, 5.7.x <5.7.15, and 8.x <8.0.1 - Privilege Escalation

Title source: llm

Description

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.

Exploits (2)

exploitdb WORKING POC
by Dawid Golunski · clocallinux
https://www.exploit-db.com/exploits/40678
nomisec WORKING POC 5 stars
by firebroo · poc
https://github.com/firebroo/CVE-2016-6663

References (24)

... and 4 more

Scores

CVSS v3 7.0
EPSS 0.0314
EPSS Percentile 86.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-362
Status published
Products (5)
mariadb/mariadb 5.5.20 - 5.5.52
oracle/mysql 8.0
oracle/mysql 5.5.0 - 5.5.52
percona/percona_server 5.5 - 5.5.51-38.2
percona/xtradb_cluster 5.5 - 5.5.41-37.0
Published Dec 13, 2016
Tracked Since Feb 18, 2026