Strix
26.1K

CVE-2019-2503

MEDIUMCVSS 6.4/10EPSS 2.49%

Last modified

CVE-2019-2503 is a medium-severity vulnerability rated 6.4/10 on the CVSS scale. Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. EPSS estimates a 2.49% chance of exploitation in the next 30 days.

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).

Metrics

CVSS 3.1
6.4/10

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Probability
2.49%

82.6th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
OracleMysql>= 5.6.0, <= 5.6.42
OracleMysql>= 5.7.0, <= 5.7.24
OracleMysql>= 8.0.0, <= 8.0.13
MariadbMariadb>= 5.5.0, < 5.5.62
MariadbMariadb>= 10.0.0, < 10.0.37
MariadbMariadb>= 10.1.0, < 10.1.36
MariadbMariadb>= 10.2.0, < 10.2.18
MariadbMariadb>= 10.3.0, < 10.3.10
NetappActive Iq Unified Manager>= 7.3
NetappActive Iq Unified Manager>= 9.5
NetappOncommand InsightAll versions
NetappOncommand Workflow AutomationAll versions
NetappSnapcenterAll versions
CanonicalUbuntu Linux16.04
CanonicalUbuntu Linux18.04
CanonicalUbuntu Linux18.10
RedhatEnterprise Linux Desktop7.0
RedhatEnterprise Linux Desktop8.0
RedhatEnterprise Linux Eus8.1
RedhatEnterprise Linux Eus8.2
RedhatEnterprise Linux Eus8.4
RedhatEnterprise Linux Eus8.6
RedhatEnterprise Linux Server7.0
RedhatEnterprise Linux Server8.0
RedhatEnterprise Linux Server Aus8.2
RedhatEnterprise Linux Server Aus8.4
RedhatEnterprise Linux Server Aus8.6
RedhatEnterprise Linux Server Tus8.2
RedhatEnterprise Linux Server Tus8.4
RedhatEnterprise Linux Server Tus8.6
RedhatEnterprise Linux Workstation7.0
RedhatEnterprise Linux Workstation8.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-2503?
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).
How severe is CVE-2019-2503?
CVE-2019-2503 has a CVSS score of 6.4/10 (MEDIUM severity). The EPSS model estimates a 2.49% probability of exploitation in the next 30 days.
How do I fix CVE-2019-2503?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-2503?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST