{"id":"CVE-2016-0546","details":"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.","modified":"2026-04-11T03:36:37.012476Z","published":"2016-01-21T03:01:33.983Z","related":["SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","SUSE-SU-2016:0348-1","SUSE-SU-2016:1619-1","SUSE-SU-2016:1620-1","openSUSE-SU-2024:10200-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-0534.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-0705.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3459"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1034708"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:1132"},{"type":"ADVISORY","url":"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/mdb-10023-rn/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-1481.html"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2881-1"},{"type":"ADVISORY","url":"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html"},{"type":"ADVISORY","url":"https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-1480.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/81066"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301493"},{"type":"FIX","url":"http://www.debian.org/security/2016/dsa-3453"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"5a6300dcc45da2d6c2b046560da0580548354b93"},{"fixed":"40ae1b9b618fbbc3b494a896a9d074b74e414337"},{"introduced":"776555af021e917ce0d6235386b43ae59fdd5161"},{"fixed":"89a264809d660fb5a4e7d43e9324b1f529a3a1d7"},{"introduced":"c235de12ae3723b96944337bd89ad9cc87f21d8f"},{"fixed":"8efdfc8b58a84f8e8d62f0bb8b31f5b763664c06"},{"introduced":"5bfe1a3917ee1bddc7f2cde0c88961875148873c"},{"last_affected":"b9768521bdeb1a8069c7b871f4536792b65fd79b"},{"introduced":"0"},{"last_affected":"76e20f00772148fa928c6c6e42401f38ca89abf0"}],"database_specific":{"versions":[{"introduced":"5.5.20"},{"fixed":"5.5.47"},{"introduced":"10.0.0"},{"fixed":"10.0.23"},{"introduced":"10.1.0"},{"fixed":"10.1.10"},{"introduced":"5.5.0"},{"last_affected":"5.5.46"},{"introduced":"0"},{"last_affected":"11.3"}]}},{"type":"GIT","repo":"https://github.com/mysql/mysql-server","events":[{"introduced":"0"},{"last_affected":"e27cd6288d4cdc63f141c2a30d1b52c64e1277f8"},{"introduced":"0"},{"last_affected":"b4104b21520be032400b768cea09a867068be49d"},{"introduced":"0"},{"last_affected":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"fixed":"0dbd5a8797ed4bd18e8b883988fb62177eb0f73f"}],"database_specific":{"versions":[{"introduced":"5.6.0"},{"last_affected":"5.6.27"},{"introduced":"5.7.0"},{"last_affected":"5.7.9"},{"introduced":"0"},{"last_affected":"8.0"}]}}],"versions":["mariadb-10.1.0","mariadb-10.1.2","mariadb-10.1.3","mariadb-10.1.4","mariadb-10.1.5","mariadb-10.1.6","mariadb-10.1.7","mariadb-10.1.8","mariadb-10.1.9","mariadb-10.11.1","mariadb-10.2.0","mariadb-10.2.1","mariadb-10.2.2","mariadb-10.3.0","mariadb-10.3.1","mariadb-10.3.2","mariadb-10.3.4","mariadb-10.3.5","mariadb-10.3.6","mariadb-10.4.3","mariadb-10.4.4","mariadb-10.5.0","mariadb-10.5.2","mariadb-10.6.0","mariadb-10.6.1","mariadb-11.0.1","mariadb-11.3.0","mariadb-galera-10.0.10","mariadb-galera-10.0.11","mariadb-galera-10.0.12","mariadb-galera-10.0.13","mariadb-galera-10.0.14","mariadb-galera-10.0.15","mariadb-galera-10.0.16","mariadb-galera-10.0.17","mariadb-galera-10.0.19","mariadb-galera-10.0.20","mariadb-galera-10.0.21","mariadb-galera-10.0.22","mariadb-galera-10.0.7","mariadb-galera-10.0.7a","mysql-3.23.22-beta","mysql-3.23.28-gamma","mysql-3.23.30-gamma","mysql-3.23.31","mysql-3.23.32","mysql-3.23.33","mysql-3.23.36","mysql-4.0.2","mysql-4.0.4","mysql-5.1.4","mysql-5.5.15","mysql-5.5.19","mysql-5.5.23","mysql-5.5.25","mysql-5.5.27","mysql-5.5.44","mysql-5.5.46","mysql-5.6.27","mysql-5.7.9","mysql-8.0.0"],"database_specific":{"vanir_signatures":[{"target":{"function":"process_options","file":"client/mysql_plugin.c"},"signature_type":"Function","id":"CVE-2016-0546-20f8e646","signature_version":"v1","digest":{"length":1207,"function_hash":"47531622596619977029715184533317242589"},"source":"https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f","deprecated":false},{"target":{"file":"client/mysqlshow.c"},"signature_type":"Line","id":"CVE-2016-0546-22aa5fee","signature_version":"v1","digest":{"line_hashes":["115405344983310410582542651149199378242","194843805652316510878594158178565991269","33954976485021384424793122155203151253","334665244995697120805001869369363018346","293708376788149311609417406012135863954","327258160383603005483809425632661582506","56343303859143354793933813300540428855","131135266206520722474031088532788667154","5493353616448939519869009684941088031","45049474350052254756719987196789052441","88274969499027644251180773108184418088","57204115915690287317343124194591393122","284469956467439852042573287944626426431","314689793388748772055734985799726382011","267210685751736042111710391773821609614","205351096808621785534859802639652500189","285772887605958533196095561325800919840","135963675775985348069705498397289853113","288202052015251320261826441946127133867","22512927484845529532681295185427697643","140903394597233346857150811387877119775","41781843760178045791605672279243309175","76246416098828551605944206771692056909","263920852905688457994813570680689888486","98891984757393277123696473854642113141","153155518987714261481737742763148573053","281520962727711697557559818754322945419","288202052015251320261826441946127133867","54741355079235892885922210194529934371","199771992191373367224569934106046924445","234865100920296644133208515477195259408","82159467952166003691886266019717824227","80216440168408937156529975214497764380","141955731509497107809650649111507997325","293329643563244916490853577771195032766","282921795160099413306652792834317471065","296067656914956557896436859270587842581","263920852905688457994813570680689888486","60719843973179210197829763743732374612","184274700118356118367461631743293500211","207176100348851544311371383824058367522","314379419614051347549550848240962504644","230018724127693914271821594594137466825"],"threshold":0.9},"source":"https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f","deprecated":false},{"target":{"file":"client/mysql_plugin.c"},"signature_type":"Line","id":"CVE-2016-0546-27f7ef77","signature_version":"v1","digest":{"line_hashes":["73891943593151358213422032752344223518","168712511212023742480567017728114030715","222198783439685612655374990209457187180","20815678513859381827721880298349609810","192955112799431037307843004021103121628","142066685936553446477080020433777977723","109674093844196818214646135589397179775","42149396837697724838858442332136488634","261831593571035571425115624574374831611","138857803593230021071506192251422317076","76109622932398532339338194885221370285","89412323738886720178031752751461693877","87199462426977201281802954937537151522"],"threshold":0.9},"source":"https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f","deprecated":false},{"target":{"function":"check_options","file":"client/mysql_plugin.c"},"signature_type":"Function","id":"CVE-2016-0546-3c1e8d30","signature_version":"v1","digest":{"length":2152,"function_hash":"40031717984823606215885920308778638926"},"source":"https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f","deprecated":false},{"target":{"file":"regex/main.c"},"signature_type":"Line","id":"CVE-2016-0546-9bc78037","signature_version":"v1","digest":{"line_hashes":["120034458996837607139036545264090008488","261819760152788058053391939023771727817","155336384241264798913288726703281770745","144962228401254038805861661625809618237","186589799639534450598942665773345584877","262515869095100730535126186794284169880","32423115792033555785876702963135831523","311146391181346884166972681655567734859","253522580443014335328946769267542361455","99767199885946639844893274574687410024","89318330933087194054696354505639073917","98372997690392234278370311479551861154","123099286317499139756571134658399977908","255698819501409231957363774187971994979","23266843351072734785356667089627431292","170578648277143222614544861216384636044","4789603042038510167545389419137954818","231849367014257376965448556555664375783","132663887429310532999975775010071345918","93670716486812408784732607256814304433","76222585344621066765504253603259857350","158561165254400645398412447071093526032","86474948632672573090682121814987411301","26183736241158358683689501114460512440"],"threshold":0.9},"source":"https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f","deprecated":false},{"target":{"function":"reload_acl_and_cache","file":"sql/sql_reload.cc"},"signature_type":"Function","id":"CVE-2016-0546-a5ddc231","signature_version":"v1","digest":{"length":5996,"function_hash":"111043706433505470027673465066186674885"},"source":"https://github.com/mariadb/server/commit/89a264809d660fb5a4e7d43e9324b1f529a3a1d7","deprecated":false},{"target":{"file":"sql/sql_reload.cc"},"signature_type":"Line","id":"CVE-2016-0546-ac002921","signature_version":"v1","digest":{"line_hashes":["159306742910402693391330092690036756588","154471466612685282770028951812159094962","48625389135732133100007130350636776985","293342893800983215307900708602667742465"],"threshold":0.9},"source":"https://github.com/mariadb/server/commit/89a264809d660fb5a4e7d43e9324b1f529a3a1d7","deprecated":false},{"target":{"function":"print_arrays_for","file":"libmysql/conf_to_src.c"},"signature_type":"Function","id":"CVE-2016-0546-bf6ac509","signature_version":"v1","digest":{"length":679,"function_hash":"301272186727860113189050655796002523205"},"source":"https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f","deprecated":false},{"target":{"function":"list_tables","file":"client/mysqlshow.c"},"signature_type":"Function","id":"CVE-2016-0546-cb08ea20","signature_version":"v1","digest":{"length":3205,"function_hash":"183198136284875103151071172925245243077"},"source":"https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f","deprecated":false},{"target":{"file":"libmysql/conf_to_src.c"},"signature_type":"Line","id":"CVE-2016-0546-d380aa27","signature_version":"v1","digest":{"line_hashes":["64554873377195487275906630337907519676","119969744616979542806018356851144757028","99268476436296875437609430920217981491","130705257482029388804508630891721916380","199069277294699028399968103010735717056"],"threshold":0.9},"source":"https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f","deprecated":false},{"target":{"function":"list_dbs","file":"client/mysqlshow.c"},"signature_type":"Function","id":"CVE-2016-0546-d493077a","signature_version":"v1","digest":{"length":2297,"function_hash":"71098886740152026246531609850510788514"},"source":"https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f","deprecated":false},{"target":{"function":"usage","file":"client/mysql_plugin.c"},"signature_type":"Function","id":"CVE-2016-0546-d776ac6e","signature_version":"v1","digest":{"length":337,"function_hash":"305087038746790944226107320728600575141"},"source":"https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f","deprecated":false},{"target":{"function":"list_fields","file":"client/mysqlshow.c"},"signature_type":"Function","id":"CVE-2016-0546-f79d0e53","signature_version":"v1","digest":{"length":1948,"function_hash":"183277213904360874665231044088063951206"},"source":"https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f","deprecated":false},{"target":{"function":"list_table_status","file":"client/mysqlshow.c"},"signature_type":"Function","id":"CVE-2016-0546-f8459ca1","signature_version":"v1","digest":{"length":933,"function_hash":"114974499721027354426049427516131899493"},"source":"https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f","deprecated":false}],"vanir_signatures_modified":"2026-04-11T03:36:37Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-0546.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"15.04"}]},{"events":[{"introduced":"0"},{"last_affected":"15.10"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7"}]},{"events":[{"introduced":"0"},{"last_affected":"42.1"}]},{"events":[{"introduced":"0"},{"last_affected":"13.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}]}}],"schema_version":"1.7.5"}