CVE-2019-2503

Advisory lineage Upstream: 0 Downstream: 9

Downstream

DLA-1570-1 DSA-4341-1 OPENSUSE-SU-2024:11038-1 RHSA-2019:1258 RHSA-2019:2327 RHSA-2019:2484

Modified

Published: 16 Jan 2019, 19:00

Last modified:02 Oct 2024, 16:06

Vulnerability Summary

Overall Risk (default)

medium

26/100

CVSS Score

6.4 MEDIUM

v3.1 (nvd)

EPSS Score

0.15% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 Jan 2019, 19:00

Published

Vulnerability first disclosed

02 Oct 2024, 16:06

Last Modified

Vulnerability information updated

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).

CVSS Metrics

v3.1•MEDIUM•Score: 6.4CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
v2.0•LOW•Score: 3.8AV:A/AC:M/Au:S/C:P/I:N/A:P

EPSS Trends

Current EPSS score: 0.15%• Percentile: 36%

Affected Systems

canonical•ubuntu_linux
16.04 | 18.04 | 18.10
mariadb•mariadb
≥ 5.5.0, < 5.5.62 | ≥ 10.0.0, < 10.0.37 | ≥ 10.1.0, < 10.1.36 | ≥ 10.2.0, < 10.2.18 | ≥ 10.3.0, < 10.3.10
netapp•active_iq_unified_manager
≥ 7.3 | ≥ 9.5
netapp•oncommand_insight
na
netapp•oncommand_workflow_automation
na
netapp•snapcenter
na
oracle corporation•mysql server
5.6.42 and prior | 5.7.24 and prior | 8.0.13 and prior
oracle•mysql
≥ 5.6.0, ≤ 5.6.42 | ≥ 5.7.0, ≤ 5.7.24 | ≥ 8.0.0, ≤ 8.0.13
redhat•enterprise_linux_desktop
7.0 | 8.0
redhat•enterprise_linux_eus
8.1 | 8.2 | 8.4 | 8.6
redhat•enterprise_linux_server
7.0 | 8.0
redhat•enterprise_linux_server_aus
8.2 | 8.4 | 8.6
redhat•enterprise_linux_server_tus
8.2 | 8.4 | 8.6
redhat•enterprise_linux_workstation
7.0 | 8.0