Lucene search

K
ubuntucveUbuntu.comUB:CVE-2019-2974
HistoryOct 16, 2019 - 12:00 a.m.

CVE-2019-2974

2019-10-1600:00:00
ubuntu.com
ubuntu.com
35
mysql server
oracle mysql
vulnerability
dos
unauthorized access

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

73.2%

Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 5.6.45 and
prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base
Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Bugs

Notes

Author Note
leosilva since 5.5 is no longer upstream supported and so far we cannot patch it marking as ignored.
OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchmariadb-10.0< anyUNKNOWN
ubuntu18.04noarchmariadb-10.1< 1:10.1.43-0ubuntu0.18.04.1UNKNOWN
ubuntu19.04noarchmariadb-10.3< 1:10.3.20-0ubuntu0.19.04.1UNKNOWN
ubuntu18.04noarchmysql-5.7< 5.7.28-0ubuntu0.18.04.4UNKNOWN
ubuntu19.04noarchmysql-5.7< 5.7.28-0ubuntu0.19.04.2UNKNOWN
ubuntu16.04noarchmysql-5.7< 5.7.28-0ubuntu0.16.04.2UNKNOWN
ubuntu19.10noarchmysql-8.0< 8.0.18-0ubuntu0.19.10.1UNKNOWN
ubuntu20.04noarchmysql-8.0< 8.0.18-0ubuntu3UNKNOWN
ubuntu20.10noarchmysql-8.0< 8.0.18-0ubuntu3UNKNOWN
ubuntu21.04noarchmysql-8.0< 8.0.18-0ubuntu3UNKNOWN
Rows per page:
1-10 of 181

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

73.2%