Lucene search

[email protected]CVE-2016-6225

HistoryMar 23, 2017 - 4:59 p.m.

CVE-2016-6225

2017-03-2316:59:00

CWE-326

[email protected]

web.nvd.nist.gov

cve-2016-6225

xbcrypt

percona

xtrabackup

encryption vulnerability

chosen-plaintext attack

nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

66.1%

JSON

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.

Affected configurations

NVD

Node

perconaxtrabackupRange≤2.3.5

perconaxtrabackupMatch2.4.0rc1

perconaxtrabackupMatch2.4.1

perconaxtrabackupMatch2.4.2

perconaxtrabackupMatch2.4.3

perconaxtrabackupMatch2.4.4

Node

opensuseleapMatch42.1

opensuseleapMatch42.2

Node

fedoraprojectfedoraMatch24

fedoraprojectfedoraMatch25

CPENameOperatorVersion
percona:xtrabackuppercona xtrabackuple2.3.5
percona:xtrabackuppercona xtrabackupeq2.4.0
percona:xtrabackuppercona xtrabackupeq2.4.1
percona:xtrabackuppercona xtrabackupeq2.4.2
percona:xtrabackuppercona xtrabackupeq2.4.3
percona:xtrabackuppercona xtrabackupeq2.4.4

CPE	Name	Operator	Version
percona:xtrabackup	percona xtrabackup	le	2.3.5
percona:xtrabackup	percona xtrabackup	eq	2.4.0
percona:xtrabackup	percona xtrabackup	eq	2.4.1
percona:xtrabackup	percona xtrabackup	eq	2.4.2
percona:xtrabackup	percona xtrabackup	eq	2.4.3
percona:xtrabackup	percona xtrabackup	eq	2.4.4