CVE-2019-2740

Name of the Vulnerable Software and Affected Versions MySQL Server versions 5.6.44 and prior MySQL Server versions 5.7.26 and prior MySQL Server versions 8.0.16 and prior

Description A vulnerability in the MySQL Server component of Oracle MySQL, specifically in the Server: XML subcomponent, allows a low-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. This issue is related to improper access control.

Recommendations For MySQL Server versions 5.6.44 and prior, update to a version later than 5.6.44 to resolve the issue. For MySQL Server versions 5.7.26 and prior, update to a version later than 5.7.26 to resolve the issue. For MySQL Server versions 8.0.16 and prior, update to a version later than 8.0.16 to resolve the issue. As a temporary workaround, consider restricting access to the Server: XML subcomponent to minimize the risk of exploitation.