CVE-2020-2901

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-2901
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-2901.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-2901
Downstream
Related
Published
2020-04-15T14:15:34.640Z
Modified
2026-02-02T21:34:57.268285Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

References

Affected packages

Git / github.com/mysql/mysql-server

Affected ranges

Type
GIT
Repo
https://github.com/mysql/mysql-server
Events
Fixed
473109fb8c9de18d40960f87f8140c71a0d01dd6
Fixed
bd9c260cf7026a54d9bf91ce6782cdb4e6a25c71
Introduced
270fd3411e3d671a73ed9725940a30080f59ce6d
Fixed
ea7d2e2d16ac03afdd9cb72a972a95981107bf51

Affected versions

mysql-5.*
mysql-5.5.52
mysql-5.5.53
mysql-5.5.54
mysql-5.5.55
mysql-5.5.56
mysql-5.5.57
mysql-5.5.58
mysql-5.5.59
mysql-5.5.60
mysql-5.5.61
mysql-5.5.62
mysql-5.5.63
mysql-5.6.33
mysql-5.6.34
mysql-5.6.35
mysql-5.6.36
mysql-5.6.37
mysql-5.6.38
mysql-5.6.39
mysql-5.6.40
mysql-5.6.41
mysql-5.6.42
mysql-5.6.43
mysql-5.6.45
mysql-5.6.46
mysql-8.*
mysql-8.0.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-2901.json"
vanir_signatures 
[
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/mysql/mysql-server/commit/ea7d2e2d16ac03afdd9cb72a972a95981107bf51",
        "target": {
            "function": "ref_t::mark_not_partially_updatable",
            "file": "storage/innobase/lob/lob0lob.cc"
        },
        "deprecated": false,
        "id": "CVE-2020-2901-7ba491c1",
        "digest": {
            "length": 623.0,
            "function_hash": "268414797295401743171423323680366405200"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/mysql/mysql-server/commit/ea7d2e2d16ac03afdd9cb72a972a95981107bf51",
        "target": {
            "file": "storage/innobase/lob/lob0lob.cc"
        },
        "deprecated": false,
        "id": "CVE-2020-2901-85335a60",
        "digest": {
            "line_hashes": [
                "178328081134631892205165699778675444929",
                "297069519883944742228860306989667015308",
                "271109606063349901820849047573123524993"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/mysql/mysql-server/commit/ea7d2e2d16ac03afdd9cb72a972a95981107bf51",
        "target": {
            "function": "purge",
            "file": "storage/innobase/lob/lob0purge.cc"
        },
        "deprecated": false,
        "id": "CVE-2020-2901-ba81527a",
        "digest": {
            "length": 3285.0,
            "function_hash": "332510893913262879819453630442491115668"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/mysql/mysql-server/commit/ea7d2e2d16ac03afdd9cb72a972a95981107bf51",
        "target": {
            "file": "storage/innobase/lob/lob0purge.cc"
        },
        "deprecated": false,
        "id": "CVE-2020-2901-d821719f",
        "digest": {
            "line_hashes": [
                "180778886619526508923404944111269113775",
                "147316919537316689965784322676330417174",
                "5239905161954509642413945198745085468",
                "17024492428593150706336629452115852309",
                "104965365280811678162014628868762321369",
                "282655202815067031575135368237605253571",
                "200985396871617803559027719623855045437"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/mysql/mysql-server/commit/ea7d2e2d16ac03afdd9cb72a972a95981107bf51",
        "target": {
            "file": "storage/innobase/include/lob0lob.h"
        },
        "deprecated": false,
        "id": "CVE-2020-2901-e9f11d86",
        "digest": {
            "line_hashes": [
                "283235786766717374315559903386315292221",
                "192355070266660537871885306096569471401",
                "43630985206282853845868250559889278152",
                "172939939025117458516457434116810536184"
            ],
            "threshold": 0.9
        }
    }
]