PT-2019-3243 · Oracle+9 · Mysql Server+8

Published

2015-09-02

·

Updated

2023-12-29

·

CVE-2019-2737

CVSS v3.1

4.9

Medium

VectorAV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions MySQL Server versions 5.6.44 and prior MySQL Server versions 5.7.26 and prior MySQL Server versions 8.0.16 and prior
Description A vulnerability in the MySQL Server component of Oracle MySQL, specifically in the Server: Pluggable Auth subcomponent, allows a highly privileged attacker with network access via multiple protocols to compromise MySQL Server. The vulnerability can be easily exploited and may result in an unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server, leading to a denial of service.
Recommendations For MySQL Server version 5.6.44 and prior, update to a version later than 5.6.44. For MySQL Server version 5.7.26 and prior, update to a version later than 5.7.26. For MySQL Server version 8.0.16 and prior, update to a version later than 8.0.16.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

ALSA-2019:2511
ALSA-2019:3708
ALT-PU-2015-1749
ALT-PU-2019-2432
ALT-PU-2019-2435
ALT-PU-2019-2436
ALT-PU-2020-1827
BDU:2019-03233
CESA-2019_2511
CESA-2019_3708
CESA-2020_1100
CVE-2019-2737
MGASA-2019-0224
OPENSUSE-SU-2019:2698-1
OPENSUSE-SU-2019_2698-1
RHSA-2019:2484
RHSA-2019:2511
RHSA-2019:3708
RHSA-2019_2511
RHSA-2019_3708
RHSA-2020:1100
RHSA-2020:4174
RHSA-2020:5246
RHSA-2020:5663
RHSA-2020_1100
RLSA-2019:2511
RLSA-2019:3708
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1
SUSE-SU-2019:2461-1
SUSE-SU-2019:2687-1
SUSE-SU-2019:3306-1
SUSE-SU-2019:3369-1
SUSE-SU-2019_3306-1
SUSE-SU-2019_3369-1
SUSE-SU-2020:0640-1
SUSE-SU-2020:0831-1
USN-4070-1
USN-4070-2
USN-4070-3

Affected Products

Alt Linux
Almalinux
Centos
Mariadb Server
Mysql Server
Red Hat
Rocky Linux
Suse
Ubuntu