NIXPKGS-2026-1493

GitHub issue published 1 month, 1 week ago

Permalink CVE-2026-8276

2.9 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month, 1 week ago by @LeSuisse Activity log

Created suggestion 1 month, 1 week ago
@LeSuisse ignored
5 references
1 month, 1 week ago
@LeSuisse accepted 1 month, 1 week ago
@LeSuisse published on GitHub 1 month, 1 week ago

bettercap MySQL Server mysql_server.go integer coercion

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit has been published and may be used. This patch is called 0eaa375c5e5446bfba94a290eff92967a5deac9e. It is advisable to implement a patch to correct this issue.

References

https://github.com/bettercap/bettercap/pull/1266 issue-trackingpatch
https://github.com/bettercap/bettercap/issues/1265#issue-4287957382 issue-trackingexploit
https://github.com/bettercap/bettercap/commit/0eaa375c5e5446bfba94a290eff92967a… patch

Ignored references (5)

VDB-362573 | bettercap MySQL Server mysql_server.go integer coercion vdb-entry
VDB-362573 | CTI Indicators (IOB, IOC, IOA) permissions-requiredsignature
Submit #811163 | Bettercap <=v2.41.5 Integer Coercion Error third-party-advisory
https://github.com/bettercap/bettercap/issues/1265 issue-tracking
https://github.com/bettercap/bettercap/ product

Affected products

bettercap

==2.41.1
==2.41.5
==2.41.2
==2.41.0
==2.41.4
==2.41.3

Matching in nixpkgs

pkgs.bettercap

Man in the middle tool

nixos-unstable 2.41.5
- nixpkgs-unstable 2.41.5
- nixos-unstable-small 2.41.5

Nixpkgs security tracker

Details of issue NIXPKGS-2026-1493

References

Affected products

Matching in nixpkgs

pkgs.bettercap