CVE-2019-2683

Name of the Vulnerable Software and Affected Versions MySQL Server versions 5.6.43 and prior MySQL Server versions 5.7.25 and prior MySQL Server versions 8.0.15 and prior

Description A vulnerability in the MySQL Server component of Oracle MySQL allows a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the MySQL Server. The issue is related to inadequate access control in the Server: Options subcomponent.

Recommendations For MySQL Server versions 5.6.43 and prior, update to a version later than 5.6.43 to resolve the issue. For MySQL Server versions 5.7.25 and prior, update to a version later than 5.7.25 to resolve the issue. For MySQL Server versions 8.0.15 and prior, update to a version later than 8.0.15 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.