CVE-2019-2805

Source
https://cve.org/CVERecord?id=CVE-2019-2805
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-2805.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-2805
Downstream
Related
Published
2019-07-23T23:15:42.647Z
Modified
2026-07-09T05:10:07.814779Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Database specific
{
    "unresolved_ranges": [
        {
            "vendor_product": "canonical:ubuntu_linux",
            "extracted_events": [
                {
                    "introduced": "16.04"
                },
                {
                    "last_affected": "16.04"
                },
                {
                    "introduced": "18.04"
                },
                {
                    "last_affected": "18.04"
                },
                {
                    "introduced": "19.04"
                },
                {
                    "last_affected": "19.04"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"
            ]
        },
        {
            "vendor_product": "fedoraproject:fedora",
            "extracted_events": [
                {
                    "introduced": "29"
                },
                {
                    "last_affected": "29"
                },
                {
                    "introduced": "30"
                },
                {
                    "last_affected": "30"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"
            ]
        },
        {
            "vendor_product": "opensuse:leap",
            "extracted_events": [
                {
                    "introduced": "15.1"
                },
                {
                    "last_affected": "15.1"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"
            ]
        },
        {
            "vendor_product": "redhat:enterprise_linux_desktop",
            "extracted_events": [
                {
                    "introduced": "8.0"
                },
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_desktop:8.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "vendor_product": "redhat:enterprise_linux_eus",
            "extracted_events": [
                {
                    "introduced": "8.1"
                },
                {
                    "last_affected": "8.1"
                },
                {
                    "introduced": "8.2"
                },
                {
                    "last_affected": "8.2"
                },
                {
                    "introduced": "8.4"
                },
                {
                    "last_affected": "8.4"
                },
                {
                    "introduced": "8.6"
                },
                {
                    "last_affected": "8.6"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*"
            ]
        },
        {
            "vendor_product": "redhat:enterprise_linux_server",
            "extracted_events": [
                {
                    "introduced": "8.0"
                },
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "vendor_product": "redhat:enterprise_linux_server_aus",
            "extracted_events": [
                {
                    "introduced": "8.2"
                },
                {
                    "last_affected": "8.2"
                },
                {
                    "introduced": "8.4"
                },
                {
                    "last_affected": "8.4"
                },
                {
                    "introduced": "8.6"
                },
                {
                    "last_affected": "8.6"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*"
            ]
        },
        {
            "vendor_product": "redhat:enterprise_linux_server_tus",
            "extracted_events": [
                {
                    "introduced": "8.2"
                },
                {
                    "last_affected": "8.2"
                },
                {
                    "introduced": "8.4"
                },
                {
                    "last_affected": "8.4"
                },
                {
                    "introduced": "8.6"
                },
                {
                    "last_affected": "8.6"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*"
            ]
        },
        {
            "vendor_product": "redhat:enterprise_linux_workstation",
            "extracted_events": [
                {
                    "introduced": "8.0"
                },
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_workstation:8.0:*:*:*:*:*:*:*"
            ]
        }
    ]
}
References

Affected packages

Git / github.com/mariadb/server

Affected ranges

Type
GIT
Repo
https://github.com/mariadb/server
Events
Database specific
{
    "cpe": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "5.5.0"
        },
        {
            "fixed": "5.5.65"
        },
        {
            "introduced": "10.1.0"
        },
        {
            "fixed": "10.1.41"
        },
        {
            "introduced": "10.2.0"
        },
        {
            "fixed": "10.2.26"
        },
        {
            "introduced": "10.3.0"
        },
        {
            "fixed": "10.3.17"
        },
        {
            "introduced": "10.4.0"
        },
        {
            "fixed": "10.4.7"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

mariadb-10.*
mariadb-10.1.0
mariadb-10.1.10
mariadb-10.1.11
mariadb-10.1.12
mariadb-10.1.13
mariadb-10.1.14
mariadb-10.1.15
mariadb-10.1.16
mariadb-10.1.17
mariadb-10.1.18
mariadb-10.1.19
mariadb-10.1.2
mariadb-10.1.20
mariadb-10.1.21
mariadb-10.1.22
mariadb-10.1.23
mariadb-10.1.24
mariadb-10.1.25
mariadb-10.1.26
mariadb-10.1.27
mariadb-10.1.28
mariadb-10.1.29
mariadb-10.1.3
mariadb-10.1.30
mariadb-10.1.31
mariadb-10.1.32
mariadb-10.1.33
mariadb-10.1.34
mariadb-10.1.35
mariadb-10.1.37
mariadb-10.1.38
mariadb-10.1.39
mariadb-10.1.4
mariadb-10.1.5
mariadb-10.1.6
mariadb-10.1.7
mariadb-10.1.8
mariadb-10.1.9
mariadb-10.2.0
mariadb-10.2.1
mariadb-10.2.10
mariadb-10.2.11
mariadb-10.2.12
mariadb-10.2.13
mariadb-10.2.14
mariadb-10.2.15
mariadb-10.2.16
mariadb-10.2.18
mariadb-10.2.19
mariadb-10.2.2
mariadb-10.2.20
mariadb-10.2.21
mariadb-10.2.22
mariadb-10.2.23
mariadb-10.2.24
mariadb-10.2.25
mariadb-10.2.5
mariadb-10.3.0
mariadb-10.3.1
mariadb-10.3.10
mariadb-10.3.12
mariadb-10.3.16
mariadb-10.3.2
mariadb-10.3.4
mariadb-10.3.5
mariadb-10.3.6
mariadb-10.3.7
mariadb-10.4.3
mariadb-10.4.4
mariadb-10.4.5

Database specific

vanir_signatures_modified
"2026-07-09T05:10:07Z"
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-2805.json"
vanir_signatures
[
    {
        "id": "CVE-2019-2805-b48fe36d",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "10029655468523680087909754560677550487",
                "249206229017255372790869811829915538710",
                "135594948238048789926237750215822573110",
                "294639499642123912567807309333166069529"
            ]
        },
        "source": "https://github.com/mariadb/server/commit/cc37250a76472de4021bdfb395a17a9e736aecf6",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "sql-common/client_plugin.c"
        }
    },
    {
        "id": "CVE-2019-2805-e9448928",
        "digest": {
            "function_hash": "328702508623507382370033351725735174012",
            "length": 1863.0
        },
        "source": "https://github.com/mariadb/server/commit/cc37250a76472de4021bdfb395a17a9e736aecf6",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "mysql_load_plugin_v",
            "file": "sql-common/client_plugin.c"
        }
    }
]

Git / github.com/mysql/mysql-server

Affected ranges

Type
GIT
Repo
https://github.com/mysql/mysql-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Introduced
Last affected
Database specific
{
    "cpe": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "5.6.0"
        },
        {
            "last_affected": "5.6.44"
        },
        {
            "introduced": "5.7.0"
        },
        {
            "last_affected": "5.7.26"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.16"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

mysql-3.*
mysql-3.23.22-beta
mysql-3.23.28-gamma
mysql-3.23.30-gamma
mysql-3.23.31
mysql-3.23.32
mysql-3.23.33
mysql-3.23.36
mysql-4.*
mysql-4.0.2
mysql-4.0.4
mysql-5.*
mysql-5.1.4
mysql-5.6.40
mysql-5.6.44
mysql-5.7.26
mysql-8.*
mysql-8.0.16
mysql-cluster-8.*
mysql-cluster-8.0.16

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-2805.json"