CVE-2019-2628
- Source
- https://cve.org/CVERecord?id=CVE-2019-2628
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-2628.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-2628
- Downstream
- Related
- Published
- 2019-04-23T19:32:52.397Z
- Modified
- 2026-02-02T21:33:37.999454Z
- Severity
-
- 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
- References
-
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://access.redhat.com/errata/RHSA-2019:2484
- https://access.redhat.com/errata/RHSA-2019:2511
- https://access.redhat.com/errata/RHSA-2019:3708
- https://support.f5.com/csp/article/K32798641
- https://usn.ubuntu.com/3957-1/
- https://usn.ubuntu.com/4070-3/
- http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html
Affected packages
Git / github.com/mariadb/server
Affected versions
mariadb-10.*
mariadb-10.0.31
mariadb-10.0.32
mariadb-10.0.33
mariadb-10.0.34
mariadb-10.0.35
mariadb-10.0.36
mariadb-10.0.37
mariadb-10.0.38
mariadb-10.1.23
mariadb-10.1.24
mariadb-10.1.25
mariadb-10.1.26
mariadb-10.1.27
mariadb-10.1.28
mariadb-10.1.29
mariadb-10.1.30
mariadb-10.1.31
mariadb-10.1.32
mariadb-10.1.33
mariadb-10.1.34
mariadb-10.1.35
mariadb-10.1.36
mariadb-10.1.37
mariadb-10.1.38
mariadb-10.1.39
mariadb-10.1.40
mariadb-10.2.10
mariadb-10.2.11
mariadb-10.2.12
mariadb-10.2.13
mariadb-10.2.14
mariadb-10.2.15
mariadb-10.2.16
mariadb-10.2.17
mariadb-10.2.18
mariadb-10.2.19
mariadb-10.2.20
mariadb-10.2.21
mariadb-10.2.22
mariadb-10.2.23
mariadb-10.2.24
mariadb-10.2.6
mariadb-10.2.7
mariadb-10.2.8
mariadb-10.2.9
mariadb-10.3.0
mariadb-10.3.1
mariadb-10.3.10
mariadb-10.3.11
mariadb-10.3.12
mariadb-10.3.13
mariadb-10.3.14
mariadb-10.3.2
mariadb-10.3.3
mariadb-10.3.4
mariadb-10.3.5
mariadb-10.3.6
mariadb-10.3.7
mariadb-10.3.8
mariadb-10.3.9
mariadb-5.*
mariadb-5.5.55
mariadb-5.5.56
mariadb-5.5.57
mariadb-5.5.58
mariadb-5.5.59
mariadb-5.5.60
mariadb-5.5.61
mariadb-5.5.62
mariadb-5.5.63
mariadb-5.5.64
mariadb-galera-10.*
mariadb-galera-10.0.30
mariadb-galera-10.0.31
mariadb-galera-10.0.32
mariadb-galera-10.0.33
mariadb-galera-10.0.34
mariadb-galera-10.0.35
mariadb-galera-10.0.36
mariadb-galera-10.0.37
mariadb-galera-5.*
mariadb-galera-5.5.52
mariadb-galera-5.5.53
mariadb-galera-5.5.54
mariadb-galera-5.5.55
mariadb-galera-5.5.56
mariadb-galera-5.5.57
mariadb-galera-5.5.58
mariadb-galera-5.5.59
mariadb-galera-5.5.60
mariadb-galera-5.5.61
mariadb-galera-5.5.62
mysql-5.*
mysql-5.5.55
mysql-5.5.56
mysql-5.5.57
mysql-5.5.58
mysql-5.5.59
mysql-5.5.60
mysql-5.5.61
mysql-5.5.62
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"source": "https://github.com/mariadb/server/commit/e0271a7b43c6df652c6a074858853a6d0da20c1e",
"target": {
"file": "storage/innobase/read/read0read.cc",
"function": "ReadView::copy_trx_ids"
},
"id": "CVE-2019-2628-06a0405c",
"signature_version": "v1",
"digest": {
"function_hash": "30864953543602198811296332068878449409",
"length": 1244.0
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://github.com/mariadb/server/commit/dafe41edead86785908f38093833f84994d312b9",
"target": {
"file": "sql/sql_lex.h"
},
"id": "CVE-2019-2628-0dd0f863",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"35614137147375894626502880677377363780",
"122052696725266788896869039601038402686",
"293377935073574720829128764736472844946",
"167965411673279105705585807680030437061",
"266603145449483856623461404176212719257"
]
},
"deprecated": false
},
{
"signature_type": "Function",
"source": "https://github.com/mariadb/server/commit/dafe41edead86785908f38093833f84994d312b9",
"target": {
"file": "sql/sql_lex.cc",
"function": "LEX::tvc_finalize"
},
"id": "CVE-2019-2628-8bfeccdd",
"signature_version": "v1",
"digest": {
"function_hash": "146836235239953936328054517088141581974",
"length": 391.0
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://github.com/mariadb/server/commit/e0271a7b43c6df652c6a074858853a6d0da20c1e",
"target": {
"file": "storage/innobase/read/read0read.cc"
},
"id": "CVE-2019-2628-c91b6742",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"156634800554884495446330094557232958377",
"168397655013066527752518582445523875487",
"290347820109510294764638399905679308806",
"206365973994183525994886060669110769589",
"166720579752236146865871920350114961297",
"306650630762418418721982678073736125645"
]
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://github.com/mariadb/server/commit/dafe41edead86785908f38093833f84994d312b9",
"target": {
"file": "sql/sql_lex.cc"
},
"id": "CVE-2019-2628-f2314939",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"289662297992501361039647906031453238828",
"176760439508042425835580669563349565307",
"285494534621033236084515116348726394079",
"121210683030609995759340620170413561067",
"275470151517776533418475462189387162792",
"46542273163868525327665502310530439349",
"279854327747375399083464770496018559080",
"316133715060878810092970688186561308833",
"30643414520111612926122160161462168508",
"334130452423483110413402172678041061256",
"101459577499695099677624330976441548462",
"68046667759057070749362613090761245349",
"228465855048822438116905542545359296222",
"195095645378905670131589847820292137961",
"166860501190134978308827341691461462196",
"109562961068628259064569091511245042739",
"237958229097770996199772044610018923034",
"156025133306186755386121472826877823306",
"29173571133395472147420317618754057157",
"41998047607859962631608323032578004279",
"259481685318510766867653707199646928326",
"129002958763276713567655384786558266771",
"189763546972384893969927328099760967726",
"243066557008648720990173078176898805543",
"117568643014400755725842292661113565137",
"161280706266050005885499355829171049518",
"279822636661998058206950324809291605126",
"283300425575385071198722780597958908050",
"178965977189753642278983228994051710031",
"147860199827877033926307381510495262497",
"140811996561599798928818330467681499734"
]
},
"deprecated": false
},
{
"signature_type": "Function",
"source": "https://github.com/mariadb/server/commit/dafe41edead86785908f38093833f84994d312b9",
"target": {
"file": "sql/sql_lex.cc",
"function": "LEX::tvc_finalize_derived"
},
"id": "CVE-2019-2628-f973c92e",
"signature_version": "v1",
"digest": {
"function_hash": "98021950905818865579049360185120295063",
"length": 365.0
},
"deprecated": false
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-2628.json"