{
	"id": "18629835-3c6c-4f8a-a5f9-47ff7ce76558",
	"created_at": "2026-04-06T00:06:39.394054Z",
	"updated_at": "2026-04-10T13:12:43.806481Z",
	"deleted_at": null,
	"sha1_hash": "0ab038115c69004a1573d9306c096d7b30f99207",
	"title": "NVD - CVE-2016-6662",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 78992,
	"plain_text": "NVD - CVE-2016-6662\r\nArchived: 2026-04-05 16:07:46 UTC\r\nCVE-2016-6662 Detail\r\nDescription\r\nOracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x\r\nbefore 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and\r\n5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms\r\nby setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with\r\nroot privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October\r\n2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52,\r\n5.6.33, and 5.7.15.\r\nMetrics\r\n \r\nNVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other\r\nsources is also displayed.\r\nCVSS 3.x Severity and Vector Strings:\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6662\r\nPage 1 of 7\n\nNIST: NVD\r\nBase Score:  9.8 CRITICAL\r\nVector:  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\r\nReferences to Advisories, Solutions, and Tools\r\nBy selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites\r\nbecause they may have information that would be of interest to you. No inferences should be drawn on account of\r\nother sites being referenced, or not, from this page. There may be other web sites that are more appropriate for\r\nyour purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these\r\nsites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please\r\naddress comments about this page to nvd@nist.gov.\r\nURL Source(s) Tag(s)\r\nhttp://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.htmlCVE,\r\nMITRE\r\nThird Party\r\nAdvisory \r\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6662\r\nPage 2 of 7\n\nURL Source(s) Tag(s)\r\nhttp://rhn.redhat.com/errata/RHSA-2016-2058.html\r\nCVE,\r\nMITRE\r\nThird Party\r\nAdvisory \r\nhttp://rhn.redhat.com/errata/RHSA-2016-2059.html\r\nCVE,\r\nMITRE\r\nThird Party\r\nAdvisory \r\nhttp://rhn.redhat.com/errata/RHSA-2016-2060.html\r\nCVE,\r\nMITRE\r\nThird Party\r\nAdvisory \r\nhttp://rhn.redhat.com/errata/RHSA-2016-2061.html\r\nCVE,\r\nMITRE\r\nThird Party\r\nAdvisory \r\nhttp://rhn.redhat.com/errata/RHSA-2016-2062.html\r\nCVE,\r\nMITRE\r\nThird Party\r\nAdvisory \r\nhttp://rhn.redhat.com/errata/RHSA-2016-2077.html\r\nCVE,\r\nMITRE\r\nThird Party\r\nAdvisory \r\nhttp://rhn.redhat.com/errata/RHSA-2016-2130.html\r\nCVE,\r\nMITRE\r\nThird Party\r\nAdvisory \r\nhttp://rhn.redhat.com/errata/RHSA-2016-2131.html\r\nCVE,\r\nMITRE\r\nThird Party\r\nAdvisory \r\nhttp://rhn.redhat.com/errata/RHSA-2016-2595.html\r\nCVE,\r\nMITRE\r\nThird Party\r\nAdvisory \r\nhttp://rhn.redhat.com/errata/RHSA-2016-2749.html\r\nCVE,\r\nMITRE\r\nThird Party\r\nAdvisory \r\nhttp://rhn.redhat.com/errata/RHSA-2016-2927.html\r\nCVE,\r\nMITRE\r\nThird Party\r\nAdvisory \r\nhttp://rhn.redhat.com/errata/RHSA-2016-2928.html\r\nCVE,\r\nMITRE\r\nThird Party\r\nAdvisory \r\nhttp://rhn.redhat.com/errata/RHSA-2017-0184.html\r\nCVE,\r\nMITRE\r\nThird Party\r\nAdvisory \r\nhttp://seclists.org/fulldisclosure/2016/Sep/23\r\nCVE,\r\nMITRE\r\nMailing List  Third\r\nParty Advisory \r\nhttp://www.debian.org/security/2016/dsa-3666\r\nCVE,\r\nMITRE\r\nThird Party\r\nAdvisory \r\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6662\r\nPage 3 of 7\n\nURL Source(s) Tag(s)\r\nhttp://www.openwall.com/lists/oss-security/2016/09/12/3\r\nCVE,\r\nMITRE\r\nMailing List  Third\r\nParty Advisory \r\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-\r\n2881722.html\r\nCVE,\r\nMITRE\r\nPatch  Vendor\r\nAdvisory \r\nhttp://www.securityfocus.com/bid/92912\r\nCVE,\r\nMITRE\r\nThird Party\r\nAdvisory  VDB\r\nEntry \r\nhttp://www.securitytracker.com/id/1036769\r\nCVE,\r\nMITRE\r\nThird Party\r\nAdvisory  VDB\r\nEntry \r\nhttps://jira.mariadb.org/browse/MDEV-10465\r\nCVE,\r\nMITRE\r\nIssue Tracking \r\nVendor Advisory \r\nhttps://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/\r\nCVE,\r\nMITRE\r\nRelease Notes \r\nVendor Advisory \r\nhttps://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/\r\nCVE,\r\nMITRE\r\nRelease Notes \r\nVendor Advisory \r\nhttps://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/\r\nCVE,\r\nMITRE\r\nRelease Notes \r\nVendor Advisory \r\nhttps://security.gentoo.org/glsa/201701-01\r\nCVE,\r\nMITRE\r\nThird Party\r\nAdvisory \r\nhttps://www.exploit-db.com/exploits/40360/\r\nCVE,\r\nMITRE\r\nExploit  Third Party\r\nAdvisory  VDB\r\nEntry \r\nhttps://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/CVE,\r\nMITRE\r\nThird Party\r\nAdvisory \r\nWeakness Enumeration\r\nCWE-ID CWE Name Source\r\nCWE-264 Permissions, Privileges, and Access Controls\r\nNIST  \r\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6662\r\nPage 4 of 7\n\nKnown Affected Software Configurations Switch to CPE 2.2\r\nConfiguration 1 ( hide )\r\n cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\nFrom (including)\r\n5.5.0\r\nUp to (including)\r\n5.5.52\r\n cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\nFrom (including)\r\n5.6.0\r\nUp to (including)\r\n5.6.33\r\n cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\nFrom (including)\r\n5.7.0\r\nUp to (including)\r\n5.7.15\r\nConfiguration 2 ( hide )\r\n cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\nFrom (including)\r\n5.5\r\nUp to (excluding)\r\n5.5.51-38.1\r\n cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\nFrom (including)\r\n5.6\r\nUp to (excluding)\r\n5.6.32-78.0\r\n cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\nFrom (including)\r\n5.7\r\nUp to (excluding)\r\n5.7.14-7\r\nConfiguration 3 ( hide )\r\n cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\nFrom (including)\r\n5.5.20\r\nUp to (excluding)\r\n5.5.51\r\n cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\nFrom (including)\r\n10.0.0\r\nUp to (excluding)\r\n10.0.27\r\n cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\nFrom (including)\r\n10.1.0\r\nUp to (excluding)\r\n10.1.17\r\nConfiguration 4 ( hide )\r\n cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\nConfiguration 5 ( hide )\r\n cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6662\r\nPage 5 of 7\n\ncpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\n cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\n cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\n cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\n cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\n cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\n cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\n cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\n cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\n cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\n cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\n cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\n cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\n cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\n cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\n cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6662\r\nPage 6 of 7\n\ncpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\n cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\n cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\r\n   Show Matching CPE(s)\r\nDenotes Vulnerable Software\r\nAre we missing a CPE here? Please let us know.\r\nChange History\r\n18 change records found show changes\r\nQuick Info\r\nCVE Dictionary Entry:\r\nCVE-2016-6662\r\nNVD Published Date:\r\n09/20/2016\r\nNVD Last Modified:\r\n04/12/2025\r\nSource:\r\nMITRE\r\nSource: https://nvd.nist.gov/vuln/detail/CVE-2016-6662\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6662\r\nPage 7 of 7",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://nvd.nist.gov/vuln/detail/CVE-2016-6662"
	],
	"report_names": [
		"CVE-2016-6662"
	],
	"threat_actors": [],
	"ts_created_at": 1775433999,
	"ts_updated_at": 1775826763,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0ab038115c69004a1573d9306c096d7b30f99207.pdf",
		"text": "https://archive.orkl.eu/0ab038115c69004a1573d9306c096d7b30f99207.txt",
		"img": "https://archive.orkl.eu/0ab038115c69004a1573d9306c096d7b30f99207.jpg"
	}
}