{"id":"CVE-2019-2503","details":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).","modified":"2026-03-20T11:35:46.404837Z","published":"2019-01-16T19:30:34.610Z","related":["ALSA-2019:2511","CGA-hm58-3fq9-24vp","openSUSE-SU-2024:11038-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106626"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1258"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2327"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2484"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2511"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190118-0002/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3867-1/"},{"type":"FIX","url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"5bfe1a3917ee1bddc7f2cde0c88961875148873c"},{"fixed":"bac287c315b1792e7ae33f91add6a60292f9bae8"},{"introduced":"776555af021e917ce0d6235386b43ae59fdd5161"},{"fixed":"b9a69f776d3dea825bc23759660258c28bf58cc7"},{"introduced":"c235de12ae3723b96944337bd89ad9cc87f21d8f"},{"fixed":"b1d72f1722f6a026f8e4496822802ca3c65c76be"},{"introduced":"9664240c948a92c22ccda0e1f5a420eb776ddcb1"},{"fixed":"2dfb4a8abe3af501f8a6780ed782a2eee5e6f6d5"},{"introduced":"20ae591abd0bfe1bfaee546989ee163f4ef832b1"},{"fixed":"bad2f1569da57c4a81cc84ec2f4a79924df9c8d6"}],"database_specific":{"versions":[{"introduced":"5.5.0"},{"fixed":"5.5.62"},{"introduced":"10.0.0"},{"fixed":"10.0.37"},{"introduced":"10.1.0"},{"fixed":"10.1.36"},{"introduced":"10.2.0"},{"fixed":"10.2.18"},{"introduced":"10.3.0"},{"fixed":"10.3.10"}]}},{"type":"GIT","repo":"https://github.com/mysql/mysql-server","events":[{"introduced":"0"},{"last_affected":"4789962c2f451b9bc7e9a1c29598bdea144edc47"},{"introduced":"0"},{"last_affected":"d2029238d6d9f648077664e4cdd611e231a6dc14"},{"introduced":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"last_affected":"e4924f36486f971f8a04252e01c803457a2c72f7"},{"introduced":"0"},{"last_affected":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"introduced":"0"},{"last_affected":"ea1efa9822d81044b726aab20c857d5e1b7e046a"},{"introduced":"0"},{"last_affected":"87307d4ddd88405117e3f1e51323836d57ab1f57"},{"introduced":"0"},{"last_affected":"dc86e412f18b36ce271f791026714e8caa0ec919"},{"introduced":"0"},{"last_affected":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"introduced":"0"},{"last_affected":"87307d4ddd88405117e3f1e51323836d57ab1f57"},{"introduced":"0"},{"last_affected":"dc86e412f18b36ce271f791026714e8caa0ec919"},{"introduced":"0"},{"last_affected":"87307d4ddd88405117e3f1e51323836d57ab1f57"},{"introduced":"0"},{"last_affected":"dc86e412f18b36ce271f791026714e8caa0ec919"},{"introduced":"0"},{"last_affected":"270fd3411e3d671a73ed9725940a30080f59ce6d"}],"database_specific":{"versions":[{"introduced":"5.6.0"},{"last_affected":"5.6.42"},{"introduced":"5.7.0"},{"last_affected":"5.7.24"},{"introduced":"8.0.0"},{"last_affected":"8.0.13"},{"introduced":"0"},{"last_affected":"8.0"},{"introduced":"0"},{"last_affected":"8.1"},{"introduced":"0"},{"last_affected":"8.2"},{"introduced":"0"},{"last_affected":"8.4"},{"introduced":"0"},{"last_affected":"8.0"},{"introduced":"0"},{"last_affected":"8.2"},{"introduced":"0"},{"last_affected":"8.4"},{"introduced":"0"},{"last_affected":"8.2"},{"introduced":"0"},{"last_affected":"8.4"},{"introduced":"0"},{"last_affected":"8.0"}]}}],"versions":["mariadb-10.1.0","mysql-5.5.42","mysql-5.5.43","mysql-5.5.44","mysql-5.5.45","mysql-5.5.46","mysql-5.5.47","mysql-5.5.48","mysql-5.5.49","mysql-5.5.50","mysql-5.5.51","mysql-5.5.52","mysql-5.5.53","mysql-5.5.54","mysql-5.5.55","mysql-5.5.56","mysql-5.5.57","mysql-5.5.58","mysql-5.5.59","mysql-5.5.60","mysql-5.5.61","mysql-5.5.62","mysql-5.6.33","mysql-5.6.34","mysql-5.6.35","mysql-5.6.36","mysql-5.6.37","mysql-5.6.38","mysql-5.6.39","mysql-5.6.40","mysql-5.6.41","mysql-5.6.42","mysql-8.0.0"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","deprecated":false,"source":"https://github.com/mariadb/server/commit/bac287c315b1792e7ae33f91add6a60292f9bae8","signature_type":"Line","target":{"file":"mysys/mf_iocache2.c"},"id":"CVE-2019-2503-31d9682c","digest":{"line_hashes":["160075039351122944864225182554874669088","79298247766313756764199076124200846221","45115464249083926102003093201691213873","234850493844753889546639429561578022423","28144202877714812540506170033579428584","64207172708277179404454160631042475789","237722189373658064007831416036979490253","40893712863390563503154152743217547031","117668516850458519561463813363427354257","157614703768094946194775545036620441701","15967427616295603339113842507058398295","104723310754908331401965919169681994802","128841576046909535802914848653453387150","284907253619130800196406482515430948114","58255352786302269574555313408484604557","157514477970302582442983000214658193991","49411501730675364796830781016823824091","156754744226265852277547691043485091575","151934133497638100292742275943448330976","10181848583206569474669288713374153883","247129231873868569546561042046461048482"],"threshold":0.9}},{"signature_version":"v1","deprecated":false,"source":"https://github.com/mariadb/server/commit/bad2f1569da57c4a81cc84ec2f4a79924df9c8d6","signature_type":"Function","target":{"file":"sql/sql_truncate.cc","function":"Sql_cmd_truncate_table::truncate_table"},"id":"CVE-2019-2503-72121355","digest":{"function_hash":"308253576018065477432791791193588044020","length":1331}},{"signature_version":"v1","deprecated":false,"source":"https://github.com/mariadb/server/commit/bad2f1569da57c4a81cc84ec2f4a79924df9c8d6","signature_type":"Line","target":{"file":"sql/sql_truncate.cc"},"id":"CVE-2019-2503-ed6762dc","digest":{"line_hashes":["233329946525851308164343744210653883501","204742638511364347075405366020716870838","164974133903162645092052012131298403240"],"threshold":0.9}},{"signature_version":"v1","deprecated":false,"source":"https://github.com/mariadb/server/commit/bad2f1569da57c4a81cc84ec2f4a79924df9c8d6","signature_type":"Line","target":{"file":"sql/sql_class.h"},"id":"CVE-2019-2503-f33e8bff","digest":{"line_hashes":["284485189603290621779676875043266591403","132605580046284372650070224531900132128","302718530449704346344600505888277165066","55767056226081983856624214715648615778"],"threshold":0.9}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-2503.json","unresolved_ranges":[{"events":[{"introduced":"7.3"}]},{"events":[{"introduced":"9.5"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.10"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}