CVE-2019-3003 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions th

CVE-2019-3003

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

References

Vulnerable Configurations

cpe:2.3:a:oracle:mysql:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.16:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

CVSS

Base:	4.0 (as of 31-01-2023 - 19:05)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:P

redhat via4

advisories

bugzilla

id	1732037
title	CVE-2019-2879 mysql: InnoDB unspecified vulnerability (CPU Jul 2019)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 8 is installed
oval oval:com.redhat.rhba:tst:20193384074
comment Module mysql:8.0 is enabled
oval oval:com.redhat.rhsa:tst:20192511025

AND

comment mecab is earlier than 0:0.996-1.module+el8.0.0+3898+e09bb8de.9
oval oval:com.redhat.rhsa:tst:20192511001
comment mecab is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192511002

AND

comment mecab-debugsource is earlier than 0:0.996-1.module+el8.0.0+3898+e09bb8de.9
oval oval:com.redhat.rhsa:tst:20192511003
comment mecab-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192511004

AND

comment mecab-ipadic is earlier than 0:2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de
oval oval:com.redhat.rhsa:tst:20192511005
comment mecab-ipadic is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192511006

AND

comment mecab-ipadic-EUCJP is earlier than 0:2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de
oval oval:com.redhat.rhsa:tst:20192511007
comment mecab-ipadic-EUCJP is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192511008

AND

comment mysql is earlier than 0:8.0.17-3.module+el8.0.0+3898+e09bb8de
oval oval:com.redhat.rhsa:tst:20192511009
comment mysql is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131647002

AND

comment mysql-common is earlier than 0:8.0.17-3.module+el8.0.0+3898+e09bb8de
oval oval:com.redhat.rhsa:tst:20192511011
comment mysql-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192511012

AND

comment mysql-debugsource is earlier than 0:8.0.17-3.module+el8.0.0+3898+e09bb8de
oval oval:com.redhat.rhsa:tst:20192511013
comment mysql-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192511014

AND

comment mysql-devel is earlier than 0:8.0.17-3.module+el8.0.0+3898+e09bb8de
oval oval:com.redhat.rhsa:tst:20192511015
comment mysql-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131647006

AND

comment mysql-errmsg is earlier than 0:8.0.17-3.module+el8.0.0+3898+e09bb8de
oval oval:com.redhat.rhsa:tst:20192511017
comment mysql-errmsg is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192511018

AND

comment mysql-libs is earlier than 0:8.0.17-3.module+el8.0.0+3898+e09bb8de
oval oval:com.redhat.rhsa:tst:20192511019
comment mysql-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131647012

AND

comment mysql-server is earlier than 0:8.0.17-3.module+el8.0.0+3898+e09bb8de
oval oval:com.redhat.rhsa:tst:20192511021
comment mysql-server is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131647014

AND

comment mysql-test is earlier than 0:8.0.17-3.module+el8.0.0+3898+e09bb8de
oval oval:com.redhat.rhsa:tst:20192511023
comment mysql-test is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131647016

rhsa

id	RHSA-2019:2511
released	2019-08-15
severity	Important
title	RHSA-2019:2511: mysql:8.0 security update (Important)

rpms

rh-mysql80-mysql-0:8.0.17-1.el7
rh-mysql80-mysql-common-0:8.0.17-1.el7
rh-mysql80-mysql-config-0:8.0.17-1.el7
rh-mysql80-mysql-config-syspaths-0:8.0.17-1.el7
rh-mysql80-mysql-debuginfo-0:8.0.17-1.el7
rh-mysql80-mysql-devel-0:8.0.17-1.el7
rh-mysql80-mysql-errmsg-0:8.0.17-1.el7
rh-mysql80-mysql-server-0:8.0.17-1.el7
rh-mysql80-mysql-server-syspaths-0:8.0.17-1.el7
rh-mysql80-mysql-syspaths-0:8.0.17-1.el7
rh-mysql80-mysql-test-0:8.0.17-1.el7
mecab-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
mecab-debuginfo-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
mecab-debugsource-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
mecab-ipadic-0:2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de
mecab-ipadic-EUCJP-0:2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de
mysql-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-common-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-debugsource-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-devel-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-devel-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-errmsg-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-libs-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-libs-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-server-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-server-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-test-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-test-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de

refmap via4

confirm	https://security.netapp.com/advisory/ntap-20191017-0002/
misc	http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
ubuntu	USN-4195-1

Last major update

31-01-2023 - 19:05

Published

16-10-2019 - 18:15

Last modified

31-01-2023 - 19:05