PT-2019-6388 · Oracle+9 · Mysql Server+8

Published: 2019-05-26 · Updated: 2025-07-15 · CVE-2019-17543

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

LZ4 versions prior to 1.9.2
MySQL Server versions 5.7.34 and earlier
MySQL Server versions 8.0.25 and earlier

Description

The issue is a heap-based buffer overflow in the LZ4 compression library, specifically in the LZ4_write32 function, which can lead to data corruption. A remote attacker can exploit it to gain access to confidential data, compromise data integrity, and cause a denial of service. The vendor notes that only a few specific and uncommon usages of the API are at risk.

Recommendations

For LZ4 versions prior to 1.9.2, update to version 1.9.2 or later to resolve the issue.
For MySQL Server versions 5.7.34 and earlier, update to a version later than 5.7.34.
For MySQL Server versions 8.0.25 and earlier, update to a version later than 8.0.25.
As a temporary workaround, consider restricting the use of the LZ4 compression algorithm until a patch is available.

Exploit

Fix

DoS

RCE

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2025:11035
ALT-PU-2019-2817
ALT-PU-2019-2830
ALT-PU-2021-2461
ALT-PU-2021-2477
ALT-PU-2021-2571
ALT-PU-2021-3668
BDU:2020-01532
BDU:2023-07612
CESA-2025_11035
CVE-2019-17543
INFSA-2025_11035
MGASA-2019-0375
OPENSUSE-SU-2019:2398-1
OPENSUSE-SU-2019:2399-1
OPENSUSE-SU-2019_2398-1
OPENSUSE-SU-2019_2399-1
OPENSUSE-SU-2024:11034-1
RHSA-2025:11035
RHSA-2025_11035
SUSE-SU-2019:2757-1
SUSE-SU-2019_2757-1
SUSE-SU-2021:1613-1
SUSE-SU-2021_1613-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Lz4
Mysql Server
Red Hat
Rocky Linux
Suse