CVE-2019-2627
- Source
- https://cve.org/CVERecord?id=CVE-2019-2627
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-2627.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-2627
- Downstream
- Related
- Published
- 2019-04-23T19:32:52.333Z
- Modified
- 2026-04-16T00:05:19.125559110Z
- Severity
-
- 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
- Database specific
{ "unresolved_ranges": [ { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "14.04" } ] }, { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "16.04" } ] }, { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "18.04" } ] }, { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "18.10" } ] }, { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "19.04" } ] }, { "cpe": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "15.0" } ] }, { "cpe": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "15.1" } ] }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "7.0" } ] }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "8.6" } ] }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "7.0" } ] }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "8.6" } ] }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "8.6" } ] }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "7.0" } ] } ] }- References
-
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html
- https://access.redhat.com/errata/RHSA-2019:2327
- https://access.redhat.com/errata/RHSA-2019:2484
- https://access.redhat.com/errata/RHSA-2019:2511
- https://access.redhat.com/errata/RHSA-2019:3708
- https://support.f5.com/csp/article/K32798641
- https://usn.ubuntu.com/3957-1/
- https://usn.ubuntu.com/3957-2/
- https://usn.ubuntu.com/3957-3/
- https://usn.ubuntu.com/4070-3/
- http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Affected packages
Git / github.com/mariadb/server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mariadb/server
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "cpe": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "introduced": "5.5.0" }, { "fixed": "5.5.64" }, { "introduced": "10.1.0" }, { "fixed": "10.1.39" }, { "introduced": "10.2.0" }, { "fixed": "10.2.24" }, { "introduced": "10.3.0" }, { "fixed": "10.3.15" }, { "introduced": "10.4.0" }, { "fixed": "10.4.5" } ] }
Affected versions
mariadb-10.*
mariadb-10.1.0
mariadb-10.1.10
mariadb-10.1.11
mariadb-10.1.12
mariadb-10.1.13
mariadb-10.1.14
mariadb-10.1.15
mariadb-10.1.16
mariadb-10.1.17
mariadb-10.1.18
mariadb-10.1.19
mariadb-10.1.2
mariadb-10.1.20
mariadb-10.1.21
mariadb-10.1.22
mariadb-10.1.23
mariadb-10.1.24
mariadb-10.1.25
mariadb-10.1.26
mariadb-10.1.27
mariadb-10.1.28
mariadb-10.1.29
mariadb-10.1.3
mariadb-10.1.30
mariadb-10.1.31
mariadb-10.1.32
mariadb-10.1.33
mariadb-10.1.34
mariadb-10.1.35
mariadb-10.1.37
mariadb-10.1.38
mariadb-10.1.4
mariadb-10.1.5
mariadb-10.1.6
mariadb-10.1.7
mariadb-10.1.8
mariadb-10.1.9
mariadb-10.2.0
mariadb-10.2.1
mariadb-10.2.10
mariadb-10.2.11
mariadb-10.2.12
mariadb-10.2.13
mariadb-10.2.14
mariadb-10.2.15
mariadb-10.2.16
mariadb-10.2.18
mariadb-10.2.19
mariadb-10.2.2
mariadb-10.2.20
mariadb-10.2.21
mariadb-10.2.22
mariadb-10.2.23
mariadb-10.2.5
mariadb-10.3.0
mariadb-10.3.1
mariadb-10.3.10
mariadb-10.3.12
mariadb-10.3.2
mariadb-10.3.4
mariadb-10.3.5
mariadb-10.3.6
mariadb-10.3.7
mariadb-10.4.3
mariadb-10.4.4
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-2627.json"
vanir_signatures_modified
"2026-04-11T21:08:42Z"
vanir_signatures
[
{
"signature_type": "Function",
"id": "CVE-2019-2627-06a0405c",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "30864953543602198811296332068878449409",
"length": 1244.0
},
"target": {
"file": "storage/innobase/read/read0read.cc",
"function": "ReadView::copy_trx_ids"
},
"source": "https://github.com/mariadb/server/commit/e0271a7b43c6df652c6a074858853a6d0da20c1e"
},
{
"signature_type": "Line",
"id": "CVE-2019-2627-0dd0f863",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"35614137147375894626502880677377363780",
"122052696725266788896869039601038402686",
"293377935073574720829128764736472844946",
"167965411673279105705585807680030437061",
"266603145449483856623461404176212719257"
],
"threshold": 0.9
},
"target": {
"file": "sql/sql_lex.h"
},
"source": "https://github.com/mariadb/server/commit/dafe41edead86785908f38093833f84994d312b9"
},
{
"signature_type": "Function",
"id": "CVE-2019-2627-8bfeccdd",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "146836235239953936328054517088141581974",
"length": 391.0
},
"target": {
"file": "sql/sql_lex.cc",
"function": "LEX::tvc_finalize"
},
"source": "https://github.com/mariadb/server/commit/dafe41edead86785908f38093833f84994d312b9"
},
{
"signature_type": "Line",
"id": "CVE-2019-2627-c91b6742",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/e0271a7b43c6df652c6a074858853a6d0da20c1e",
"target": {
"file": "storage/innobase/read/read0read.cc"
},
"digest": {
"line_hashes": [
"156634800554884495446330094557232958377",
"168397655013066527752518582445523875487",
"290347820109510294764638399905679308806",
"206365973994183525994886060669110769589",
"166720579752236146865871920350114961297",
"306650630762418418721982678073736125645"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"id": "CVE-2019-2627-f2314939",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/dafe41edead86785908f38093833f84994d312b9",
"target": {
"file": "sql/sql_lex.cc"
},
"digest": {
"line_hashes": [
"289662297992501361039647906031453238828",
"176760439508042425835580669563349565307",
"285494534621033236084515116348726394079",
"121210683030609995759340620170413561067",
"275470151517776533418475462189387162792",
"46542273163868525327665502310530439349",
"279854327747375399083464770496018559080",
"316133715060878810092970688186561308833",
"30643414520111612926122160161462168508",
"334130452423483110413402172678041061256",
"101459577499695099677624330976441548462",
"68046667759057070749362613090761245349",
"228465855048822438116905542545359296222",
"195095645378905670131589847820292137961",
"166860501190134978308827341691461462196",
"109562961068628259064569091511245042739",
"237958229097770996199772044610018923034",
"156025133306186755386121472826877823306",
"29173571133395472147420317618754057157",
"41998047607859962631608323032578004279",
"259481685318510766867653707199646928326",
"129002958763276713567655384786558266771",
"189763546972384893969927328099760967726",
"243066557008648720990173078176898805543",
"117568643014400755725842292661113565137",
"161280706266050005885499355829171049518",
"279822636661998058206950324809291605126",
"283300425575385071198722780597958908050",
"178965977189753642278983228994051710031",
"147860199827877033926307381510495262497",
"140811996561599798928818330467681499734"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"id": "CVE-2019-2627-f973c92e",
"source": "https://github.com/mariadb/server/commit/dafe41edead86785908f38093833f84994d312b9",
"deprecated": false,
"digest": {
"function_hash": "98021950905818865579049360185120295063",
"length": 365.0
},
"target": {
"file": "sql/sql_lex.cc",
"function": "LEX::tvc_finalize_derived"
},
"signature_version": "v1"
}
]
Git / github.com/mysql/mysql-server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mysql/mysql-server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedIntroducedLast affected
- Database specific
{ "cpe": [ "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "extracted_events": [ { "introduced": "5.6.0" }, { "last_affected": "5.6.43" }, { "introduced": "5.7.0" }, { "last_affected": "5.7.25" }, { "introduced": "0" }, { "last_affected": "8.1" }, { "last_affected": "8.2" }, { "last_affected": "8.4" }, { "introduced": "8.0.0" }, { "last_affected": "8.0.15" } ] }
Affected versions
mysql-3.*
mysql-3.23.22-beta
mysql-3.23.28-gamma
mysql-3.23.30-gamma
mysql-3.23.31
mysql-3.23.32
mysql-3.23.33
mysql-3.23.36
mysql-4.*
mysql-4.0.2
mysql-4.0.4
mysql-5.*
mysql-5.1.4
mysql-5.6.40
mysql-5.6.43
mysql-5.7.25
mysql-8.*
mysql-8.0.14
mysql-8.0.15
mysql-8.1.0
mysql-8.2.0
mysql-8.4.0
mysql-cluster-8.*
mysql-cluster-8.1.0
mysql-cluster-8.2.0
mysql-cluster-8.4.0