PT-2019-17553 · Huawei · Campusinsight+1

Published

2019-12-13

Updated

2019-12-19

CVE-2019-5278

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions CampusInsight versions prior to V100R019C00SPC200

Description The issue is related to an out-of-bounds read in the Advanced Packages feature of the Gauss100 OLTP database. Attackers with specific permissions can exploit this by sending elaborate SQL statements to the database, potentially causing it to crash.

Recommendations For versions prior to V100R019C00SPC200, update to V100R019C00SPC200 or later to resolve the issue. As a temporary workaround, consider restricting access to the Advanced Packages feature to minimize the risk of exploitation.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2019-5278

Affected Products

Campusinsight

Gauss100

PT-2019-17553 · Huawei · Campusinsight+1

CVE-2019-5278

Weakness Enumeration

Related Identifiers

Affected Products

References · 3