CVE-2019-2503

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).

Database specific

{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "16.04"
                },
                {
                    "last_affected": "18.04"
                },
                {
                    "last_affected": "18.10"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "canonical:ubuntu_linux"
        },
        {
            "cpes": [
                "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
                "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "7.3"
                },
                {
                    "introduced": "9.5"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "netapp:active_iq_unified_manager"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_desktop:8.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "7.0"
                },
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:enterprise_linux_desktop"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "8.1"
                },
                {
                    "last_affected": "8.2"
                },
                {
                    "last_affected": "8.4"
                },
                {
                    "last_affected": "8.6"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:enterprise_linux_eus"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "7.0"
                },
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:enterprise_linux_server"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "8.2"
                },
                {
                    "last_affected": "8.4"
                },
                {
                    "last_affected": "8.6"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:enterprise_linux_server_aus"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "8.2"
                },
                {
                    "last_affected": "8.4"
                },
                {
                    "last_affected": "8.6"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:enterprise_linux_server_tus"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_workstation:8.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "7.0"
                },
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:enterprise_linux_workstation"
        }
    ]
}

References

Affected packages

Git / github.com/mariadb/server

Affected ranges

Type

GIT

Repo

https://github.com/mariadb/server

Events

Introduced

5bfe1a3917ee1bddc7f2cde0c88961875148873c

Fixed

bac287c315b1792e7ae33f91add6a60292f9bae8

Introduced

776555af021e917ce0d6235386b43ae59fdd5161

Fixed

b9a69f776d3dea825bc23759660258c28bf58cc7

Introduced

c235de12ae3723b96944337bd89ad9cc87f21d8f

Fixed

b1d72f1722f6a026f8e4496822802ca3c65c76be

Introduced

9664240c948a92c22ccda0e1f5a420eb776ddcb1

Fixed

2dfb4a8abe3af501f8a6780ed782a2eee5e6f6d5

Introduced

20ae591abd0bfe1bfaee546989ee163f4ef832b1

Fixed

bad2f1569da57c4a81cc84ec2f4a79924df9c8d6

Database specific

{
    "extracted_events": [
        {
            "introduced": "5.5.0"
        },
        {
            "fixed": "5.5.62"
        },
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.0.37"
        },
        {
            "introduced": "10.1.0"
        },
        {
            "fixed": "10.1.36"
        },
        {
            "introduced": "10.2.0"
        },
        {
            "fixed": "10.2.18"
        },
        {
            "introduced": "10.3.0"
        },
        {
            "fixed": "10.3.10"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*"
}

Affected versions

mariadb-10.*

mariadb-10.1.0

mariadb-10.1.10

mariadb-10.1.11

mariadb-10.1.12

mariadb-10.1.13

mariadb-10.1.14

mariadb-10.1.15

mariadb-10.1.16

mariadb-10.1.17

mariadb-10.1.18

mariadb-10.1.19

mariadb-10.1.2

mariadb-10.1.20

mariadb-10.1.21

mariadb-10.1.22

mariadb-10.1.23

mariadb-10.1.24

mariadb-10.1.25

mariadb-10.1.26

mariadb-10.1.27

mariadb-10.1.28

mariadb-10.1.29

mariadb-10.1.3

mariadb-10.1.30

mariadb-10.1.31

mariadb-10.1.32

mariadb-10.1.33

mariadb-10.1.34

mariadb-10.1.35

mariadb-10.1.4

mariadb-10.1.5

mariadb-10.1.6

mariadb-10.1.7

mariadb-10.1.8

mariadb-10.1.9

mariadb-10.2.0

mariadb-10.2.1

mariadb-10.2.10

mariadb-10.2.11

mariadb-10.2.12

mariadb-10.2.13

mariadb-10.2.14

mariadb-10.2.15

mariadb-10.2.16

mariadb-10.2.2

mariadb-10.2.5

mariadb-10.3.0

mariadb-10.3.1

mariadb-10.3.2

mariadb-10.3.4

mariadb-10.3.5

mariadb-10.3.6

mariadb-10.3.7

Database specific

vanir_signatures_modified

"2026-05-18T15:12:06Z"

vanir_signatures

[
    {
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2019-2503-31d9682c",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "160075039351122944864225182554874669088",
                "79298247766313756764199076124200846221",
                "45115464249083926102003093201691213873",
                "234850493844753889546639429561578022423",
                "28144202877714812540506170033579428584",
                "64207172708277179404454160631042475789",
                "237722189373658064007831416036979490253",
                "40893712863390563503154152743217547031",
                "117668516850458519561463813363427354257",
                "157614703768094946194775545036620441701",
                "15967427616295603339113842507058398295",
                "104723310754908331401965919169681994802",
                "128841576046909535802914848653453387150",
                "284907253619130800196406482515430948114",
                "58255352786302269574555313408484604557",
                "157514477970302582442983000214658193991",
                "49411501730675364796830781016823824091",
                "156754744226265852277547691043485091575",
                "151934133497638100292742275943448330976",
                "10181848583206569474669288713374153883",
                "247129231873868569546561042046461048482"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/mariadb/server/commit/bac287c315b1792e7ae33f91add6a60292f9bae8",
        "target": {
            "file": "mysys/mf_iocache2.c"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2019-2503-72121355",
        "signature_version": "v1",
        "digest": {
            "function_hash": "308253576018065477432791791193588044020",
            "length": 1331.0
        },
        "source": "https://github.com/mariadb/server/commit/bad2f1569da57c4a81cc84ec2f4a79924df9c8d6",
        "target": {
            "file": "sql/sql_truncate.cc",
            "function": "Sql_cmd_truncate_table::truncate_table"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2019-2503-ed6762dc",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "233329946525851308164343744210653883501",
                "204742638511364347075405366020716870838",
                "164974133903162645092052012131298403240"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/mariadb/server/commit/bad2f1569da57c4a81cc84ec2f4a79924df9c8d6",
        "target": {
            "file": "sql/sql_truncate.cc"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2019-2503-f33e8bff",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "284485189603290621779676875043266591403",
                "132605580046284372650070224531900132128",
                "302718530449704346344600505888277165066",
                "55767056226081983856624214715648615778"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/mariadb/server/commit/bad2f1569da57c4a81cc84ec2f4a79924df9c8d6",
        "target": {
            "file": "sql/sql_class.h"
        }
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-2503.json"

Git / github.com/mysql/mysql-server

Affected ranges

Type

GIT

Repo

https://github.com/mysql/mysql-server

Events

Introduced

Last affected

4789962c2f451b9bc7e9a1c29598bdea144edc47

Last affected

d2029238d6d9f648077664e4cdd611e231a6dc14

Introduced

270fd3411e3d671a73ed9725940a30080f59ce6d

Last affected

e4924f36486f971f8a04252e01c803457a2c72f7

Database specific

{
    "extracted_events": [
        {
            "introduced": "5.6.0"
        },
        {
            "last_affected": "5.6.42"
        },
        {
            "introduced": "5.7.0"
        },
        {
            "last_affected": "5.7.24"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.13"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*"
}

Affected versions

mysql-3.*

mysql-3.23.22-beta

mysql-3.23.28-gamma

mysql-3.23.30-gamma

mysql-3.23.31

mysql-3.23.32

mysql-3.23.33

mysql-3.23.36

mysql-4.*

mysql-4.0.2

mysql-4.0.4

mysql-5.*

mysql-5.1.4

mysql-5.6.40

mysql-5.6.42

mysql-5.7.24

mysql-8.*

mysql-8.0.13

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-2503.json"