PT-2019-6388 · Oracle+9 · MySQL Server+8

Published: 2019-05-26 · Updated: 2025-07-15 · CVE-2019-17543

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

LZ4 versions prior to 1.9.2
MySQL Server versions 5.7.34 and earlier
MySQL Server versions 8.0.25 and earlier

Description

The issue is a heap-based buffer overflow in the LZ4 compression library, specifically in the LZ4_write32 function, which can lead to data corruption. A remote attacker can exploit it to gain access to confidential data, compromise data integrity, and cause a denial of service. The vendor notes that only a few specific and uncommon usages of the API are at risk.

Recommendations

For LZ4 versions prior to 1.9.2, update to version 1.9.2 or later to resolve the issue.
For MySQL Server versions 5.7.34 and earlier, update to a version later than 5.7.34.
For MySQL Server versions 8.0.25 and earlier, update to a version later than 8.0.25.
As a temporary workaround, consider restricting the use of the LZ4 compression algorithm until a patch is available.

Exploit

Fix

DoS

RCE

Memory Corruption

Weakness Enumeration

Related identifiers

ALSA-2025:11035
ALT-PU-2019-2817
ALT-PU-2019-2830
ALT-PU-2021-2461
ALT-PU-2021-2477
ALT-PU-2021-2571
ALT-PU-2021-3668
BDU:2020-01532
BDU:2023-07612
CESA-2025_11035
CVE-2019-17543
INFSA-2025_11035
MGASA-2019-0375
OPENSUSE-SU-2019:2398-1
OPENSUSE-SU-2019:2399-1
OPENSUSE-SU-2019_2398-1
OPENSUSE-SU-2019_2399-1
OPENSUSE-SU-2024:11034-1
RHSA-2025:11035
RHSA-2025_11035
SUSE-SU-2019:2757-1
SUSE-SU-2019_2757-1
SUSE-SU-2021:1613-1
SUSE-SU-2021_1613-1

Affected products

ALT Linux
AlmaLinux
Astra Linux
CentOS
LZ4
MySQL Server
Red Hat
Rocky Linux
SUSE