MySQL vulnerability detection false positive

Hi, I’m scanning a MySQL server version “5.7.23-23”, the VT “MySQL 5.x Unspecified Buffer Overflow Vulnerability” report the following output which maybe false positive:

Installed version: 5.7.23-
Fixed version: Unknown

Thanks a lot for your posting. There was indeed a bug in that VT causing a wrong comparison, a fix was prepared and should arrive in the feed in the next few days.

A general note on the VT itself:

This VT has a low Quality of Detection (qod) of < 70 % attached which means it doesn’t report by default. If a result is showing up in your report this means that you are using a non-default filter for the report in question and this report might include results which are known and expected to produce false positives.

4 Likes