ALPINE-CVE-2016-6664 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2016-6664 PUBLISHED CVSS 7 HIGH

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.

Risk Scores

CVSS v3.1

7

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.8	mariadb	10.1.9-r1, 10.1.9-r0, 10.1.8-r1
Alpine:v3.18	mariadb	5.5.41-r0, 10.0.21-r2, 10.1.11-r0
Alpine:v3.11	mariadb	10.1.17-r1, 5.5.43-r5, 5.5.43-r4
Alpine:v3.4	mariadb	10.0.21-r1, 0, 10.0.21-r0
Alpine:v3.9	mariadb	10.1.13-r1, 5.5.43-r5, 5.5.43-r4
Alpine:v3.20	mariadb	10.1.8-r0, 5.5.43-r5, 5.5.43-r4
Alpine:v3.13	mariadb	10.1.14-r3, 10.1.16-r0, 10.1.17-r0
Alpine:v3.10	mariadb	10.1.14-r0, 5.5.43-r5, 5.5.43-r4
Alpine:v3.12	mariadb	10.1.14-r0, 10.1.14-r1, 10.1.14-r2
Alpine:v3.7	mariadb	10.0.21-r0, 0, 10.0.21-r0
Alpine:v3.16	mariadb	0, 5.5.42-r1, 5.5.42-r0
Alpine:v3.19	mariadb	10.1.13-r1, 0, 10.0.21-r0
Alpine:v3.22	mariadb	10.1.13-r1, 5.5.43-r5, 5.5.43-r4
Alpine:v3.5	mariadb	0, 5.5.43-r5, 5.5.43-r4
Alpine:v3.17	mariadb	0, 10.1.14-r0, 10.1.14-r1
Alpine:v3.23	mariadb	0, 10.0.21-r0, 10.0.21-r1
Alpine:v3.15	mariadb	5.5.41-r2, 10.0.21-r1, 10.0.21-r2
Alpine:v3.3	mariadb	10.0.21-r0, 10.0.21-r1, 10.0.21-r2
Alpine:v3.6	mariadb	10.0.21-r0, 0, 10.0.21-r0
Alpine:v3.14	mariadb	10.1.13-r1, 10.0.21-r0, 10.0.21-r1

…and 1 more

Timeline

Dec 13, 2016 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2016-6664 advisory

Open in Interactive Console →