ID |
CVE-2019-3003
|
Summary |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:oracle:mysql:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.0:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:mysql:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.1:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:mysql:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.2:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:mysql:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.3:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:mysql:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.4:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:mysql:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.5:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:mysql:8.0.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.10:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:mysql:8.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.11:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:mysql:8.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.12:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:mysql:8.0.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.13:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:mysql:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.14:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:mysql:8.0.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.15:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:mysql:8.0.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.16:*:*:*:*:*:*:*
|
CVSS |
Base: | 4.0 (as of 18-11-2019 - 16:15) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-noinfo |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
SINGLE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
NONE |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:S/C:N/I:N/A:P
|
redhat
via4
|
advisories | bugzilla | id | 1732037 | title | CVE-2019-2879 mysql: InnoDB unspecified vulnerability (CPU Jul 2019) |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 8 is installed | oval | oval:com.redhat.rhba:tst:20193384074 |
comment | Module mysql:8.0 is enabled | oval | oval:com.redhat.rhsa:tst:20192511025 |
OR | AND | comment | mecab is earlier than 0:0.996-1.module+el8.0.0+3898+e09bb8de.9 | oval | oval:com.redhat.rhsa:tst:20192511001 |
comment | mecab is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20192511002 |
|
AND | comment | mecab-debugsource is earlier than 0:0.996-1.module+el8.0.0+3898+e09bb8de.9 | oval | oval:com.redhat.rhsa:tst:20192511003 |
comment | mecab-debugsource is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20192511004 |
|
AND | comment | mecab-ipadic is earlier than 0:2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de | oval | oval:com.redhat.rhsa:tst:20192511005 |
comment | mecab-ipadic is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20192511006 |
|
AND | comment | mecab-ipadic-EUCJP is earlier than 0:2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de | oval | oval:com.redhat.rhsa:tst:20192511007 |
comment | mecab-ipadic-EUCJP is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20192511008 |
|
AND | comment | mysql is earlier than 0:8.0.17-3.module+el8.0.0+3898+e09bb8de | oval | oval:com.redhat.rhsa:tst:20192511009 |
comment | mysql is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20131647002 |
|
AND | comment | mysql-common is earlier than 0:8.0.17-3.module+el8.0.0+3898+e09bb8de | oval | oval:com.redhat.rhsa:tst:20192511011 |
comment | mysql-common is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20192511012 |
|
AND | comment | mysql-debugsource is earlier than 0:8.0.17-3.module+el8.0.0+3898+e09bb8de | oval | oval:com.redhat.rhsa:tst:20192511013 |
comment | mysql-debugsource is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20192511014 |
|
AND | comment | mysql-devel is earlier than 0:8.0.17-3.module+el8.0.0+3898+e09bb8de | oval | oval:com.redhat.rhsa:tst:20192511015 |
comment | mysql-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20131647006 |
|
AND | comment | mysql-errmsg is earlier than 0:8.0.17-3.module+el8.0.0+3898+e09bb8de | oval | oval:com.redhat.rhsa:tst:20192511017 |
comment | mysql-errmsg is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20192511018 |
|
AND | comment | mysql-libs is earlier than 0:8.0.17-3.module+el8.0.0+3898+e09bb8de | oval | oval:com.redhat.rhsa:tst:20192511019 |
comment | mysql-libs is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20131647012 |
|
AND | comment | mysql-server is earlier than 0:8.0.17-3.module+el8.0.0+3898+e09bb8de | oval | oval:com.redhat.rhsa:tst:20192511021 |
comment | mysql-server is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20131647014 |
|
AND | comment | mysql-test is earlier than 0:8.0.17-3.module+el8.0.0+3898+e09bb8de | oval | oval:com.redhat.rhsa:tst:20192511023 |
comment | mysql-test is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20131647016 |
|
|
|
|
| rhsa | id | RHSA-2019:2511 | released | 2019-08-15 | severity | Important | title | RHSA-2019:2511: mysql:8.0 security update (Important) |
|
| rpms | - rh-mysql80-mysql-0:8.0.17-1.el7
- rh-mysql80-mysql-common-0:8.0.17-1.el7
- rh-mysql80-mysql-config-0:8.0.17-1.el7
- rh-mysql80-mysql-config-syspaths-0:8.0.17-1.el7
- rh-mysql80-mysql-debuginfo-0:8.0.17-1.el7
- rh-mysql80-mysql-devel-0:8.0.17-1.el7
- rh-mysql80-mysql-errmsg-0:8.0.17-1.el7
- rh-mysql80-mysql-server-0:8.0.17-1.el7
- rh-mysql80-mysql-server-syspaths-0:8.0.17-1.el7
- rh-mysql80-mysql-syspaths-0:8.0.17-1.el7
- rh-mysql80-mysql-test-0:8.0.17-1.el7
- mecab-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
- mecab-debuginfo-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
- mecab-debugsource-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
- mecab-ipadic-0:2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de
- mecab-ipadic-EUCJP-0:2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de
- mysql-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
- mysql-common-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
- mysql-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
- mysql-debugsource-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
- mysql-devel-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
- mysql-devel-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
- mysql-errmsg-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
- mysql-libs-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
- mysql-libs-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
- mysql-server-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
- mysql-server-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
- mysql-test-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
- mysql-test-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
|
|
refmap
via4
|
|
Last major update |
18-11-2019 - 16:15 |
Published |
16-10-2019 - 18:15 |
Last modified |
18-11-2019 - 16:15 |