CVE-2019-2537

MEDIUM

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

References

http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

http://www.securityfocus.com/bid/106619

https://access.redhat.com/errata/RHSA-2019:1258

https://access.redhat.com/errata/RHSA-2019:2484

https://access.redhat.com/errata/RHSA-2019:2511

https://lists.debian.org/debian-lts-announce/2019/02/msg00000.html

https://security.gentoo.org/glsa/201908-24

https://security.netapp.com/advisory/ntap-20190118-0002/

https://usn.ubuntu.com/3867-1/

Details

Source: MITRE

Published: 2019-01-16

Updated: 2019-05-21

Type: CWE-284

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.6.0 to 5.6.42 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.7.0 to 5.7.24 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 8.0.0 to 8.0.13 (inclusive)

ID	Name	Product	Family	Severity
130575	RHEL 8 : mariadb:10.3 (RHSA-2019:3708)	Nessus	Red Hat Local Security Checks	medium
129356	MariaDB 10.1.0 < 10.1.38 Multiple Vulnerabilities	Nessus	Databases	medium
129062	MariaDB 10.0.0 < 10.0.38 Multiple Vulnerabilities	Nessus	Databases	medium
128973	MariaDB 10.2.0 < 10.2.22 Multiple Vulnerabilities	Nessus	Databases	medium
128876	MariaDB 10.3.0 < 10.3.13 Multiple Vulnerabilities	Nessus	Databases	medium
127991	RHEL 8 : mysql:8.0 (RHSA-2019:2511)	Nessus	Red Hat Local Security Checks	medium
127983	Oracle Linux 8 : mysql:8.0 (ELSA-2019-2511)	Nessus	Oracle Linux Local Security Checks	medium
127973	GLSA-201908-24 : MariaDB, MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
127885	SUSE SLED12 / SLES12 Security Update : mariadb-100 (SUSE-SU-2019:2118-1)	Nessus	SuSE Local Security Checks	medium
127764	SUSE SLES12 Security Update : mariadb (SUSE-SU-2019:2048-1)	Nessus	SuSE Local Security Checks	high
126216	Photon OS 2.0: Mysql PHSA-2019-2.0-0152	Nessus	PhotonOS Local Security Checks	high
700631	MySQL 8.0.x < 8.0.15 Multiple Vulnerabilities (Jan 2019 CPU)	Nessus Network Monitor	Database	high
700630	MySQL 8.0.x < 8.0.14 Multiple Vulnerabilities (Jan 2019 CPU)	Nessus Network Monitor	Database	high
700628	MySQL 5.7.x < 5.7.25 Multiple Vulnerabilities (Jan 2019 CPU)	Nessus Network Monitor	Database	high
700623	MySQL 5.6.x < 5.6.43 Multiple Vulnerabilities (Jan 2019 CPU)	Nessus Network Monitor	Database	high
123089	Amazon Linux AMI : mysql57 (ALAS-2019-1181)	Nessus	Amazon Linux Local Security Checks	medium
123086	Amazon Linux AMI : mysql56 (ALAS-2019-1178)	Nessus	Amazon Linux Local Security Checks	medium
122851	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2019:0609-1)	Nessus	SuSE Local Security Checks	medium
122849	openSUSE Security Update : mariadb (openSUSE-2019-327)	Nessus	SuSE Local Security Checks	high
122664	SUSE SLED15 / SLES15 Security Update : mariadb (SUSE-SU-2019:0555-1)	Nessus	SuSE Local Security Checks	high
122557	Fedora 28 : community-mysql (2019-21b76d179e)	Nessus	Fedora Local Security Checks	medium
121608	openSUSE Security Update : mysql-community-server (openSUSE-2019-138)	Nessus	SuSE Local Security Checks	medium
121567	Slackware 14.1 / 14.2 : mariadb (SSA:2019-032-01)	Nessus	Slackware Local Security Checks	medium
121552	Debian DLA-1655-1 : mariadb-10.0 security update	Nessus	Debian Local Security Checks	medium
121406	FreeBSD : MySQL -- multiple vulnerabilities (d3d02d3a-2242-11e9-b95c-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	medium
121346	Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : mysql-5.7 vulnerabilities (USN-3867-1)	Nessus	Ubuntu Local Security Checks	medium
121229	MySQL 8.0.x < 8.0.14 Multiple Vulnerabilities (Jan 2019 CPU)	Nessus	Databases	medium
121228	MySQL 5.7.x < 5.7.25 Multiple Vulnerabilities (Jan 2019 CPU)	Nessus	Databases	medium
121227	MySQL 5.6.x < 5.6.43 Multiple Vulnerabilities (Jan 2019 CPU)	Nessus	Databases	medium
700392	Oracle MySQL 5.7.x < 5.7.24 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
700391	Oracle MySQL 5.6.x < 5.6.42 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
700390	Oracle MySQL 8.0.x < 8.0.13 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium