{"id":"CVE-2019-2627","details":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","modified":"2026-04-16T00:05:19.125559110Z","published":"2019-04-23T19:32:52.333Z","related":["ALSA-2019:2511","ALSA-2019:3708","CGA-3p3p-2rj7-cg46","SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","SUSE-SU-2019:2020-1","SUSE-SU-2019:2330-1","SUSE-SU-2019:2461-1","SUSE-SU-2019:2687-1","SUSE-SU-2019:2867-1","SUSE-SU-2019:3270-1","openSUSE-SU-2019:1913-1","openSUSE-SU-2019:1915-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","extracted_events":[{"last_affected":"14.04"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","extracted_events":[{"last_affected":"16.04"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","extracted_events":[{"last_affected":"18.04"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"18.10"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"19.04"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"15.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"15.1"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.6"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.6"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.6"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.0"}]}]},"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2327"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2484"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2511"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3708"},{"type":"ADVISORY","url":"https://support.f5.com/csp/article/K32798641"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3957-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3957-2/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3957-3/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4070-3/"},{"type":"FIX","url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"5bfe1a3917ee1bddc7f2cde0c88961875148873c"},{"fixed":"926446880f937568eaae9a9671193d9d652f7bf9"},{"introduced":"c235de12ae3723b96944337bd89ad9cc87f21d8f"},{"fixed":"e9da78ee92c3f44b341a1a68504da72494a684b9"},{"introduced":"9664240c948a92c22ccda0e1f5a420eb776ddcb1"},{"fixed":"e0271a7b43c6df652c6a074858853a6d0da20c1e"},{"introduced":"20ae591abd0bfe1bfaee546989ee163f4ef832b1"},{"fixed":"07aef9f7eb936de2b277f8ae209a1fd72510c011"},{"introduced":"c761b43451d54eeeecdf3c102906fcce88d4e9d9"},{"fixed":"dafe41edead86785908f38093833f84994d312b9"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"5.5.0"},{"fixed":"5.5.64"},{"introduced":"10.1.0"},{"fixed":"10.1.39"},{"introduced":"10.2.0"},{"fixed":"10.2.24"},{"introduced":"10.3.0"},{"fixed":"10.3.15"},{"introduced":"10.4.0"},{"fixed":"10.4.5"}]}}],"versions":["mariadb-10.1.0","mariadb-10.1.10","mariadb-10.1.11","mariadb-10.1.12","mariadb-10.1.13","mariadb-10.1.14","mariadb-10.1.15","mariadb-10.1.16","mariadb-10.1.17","mariadb-10.1.18","mariadb-10.1.19","mariadb-10.1.2","mariadb-10.1.20","mariadb-10.1.21","mariadb-10.1.22","mariadb-10.1.23","mariadb-10.1.24","mariadb-10.1.25","mariadb-10.1.26","mariadb-10.1.27","mariadb-10.1.28","mariadb-10.1.29","mariadb-10.1.3","mariadb-10.1.30","mariadb-10.1.31","mariadb-10.1.32","mariadb-10.1.33","mariadb-10.1.34","mariadb-10.1.35","mariadb-10.1.37","mariadb-10.1.38","mariadb-10.1.4","mariadb-10.1.5","mariadb-10.1.6","mariadb-10.1.7","mariadb-10.1.8","mariadb-10.1.9","mariadb-10.2.0","mariadb-10.2.1","mariadb-10.2.10","mariadb-10.2.11","mariadb-10.2.12","mariadb-10.2.13","mariadb-10.2.14","mariadb-10.2.15","mariadb-10.2.16","mariadb-10.2.18","mariadb-10.2.19","mariadb-10.2.2","mariadb-10.2.20","mariadb-10.2.21","mariadb-10.2.22","mariadb-10.2.23","mariadb-10.2.5","mariadb-10.3.0","mariadb-10.3.1","mariadb-10.3.10","mariadb-10.3.12","mariadb-10.3.2","mariadb-10.3.4","mariadb-10.3.5","mariadb-10.3.6","mariadb-10.3.7","mariadb-10.4.3","mariadb-10.4.4"],"database_specific":{"vanir_signatures":[{"digest":{"length":1244,"function_hash":"30864953543602198811296332068878449409"},"source":"https://github.com/mariadb/server/commit/e0271a7b43c6df652c6a074858853a6d0da20c1e","target":{"function":"ReadView::copy_trx_ids","file":"storage/innobase/read/read0read.cc"},"signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2019-2627-06a0405c"},{"digest":{"line_hashes":["35614137147375894626502880677377363780","122052696725266788896869039601038402686","293377935073574720829128764736472844946","167965411673279105705585807680030437061","266603145449483856623461404176212719257"],"threshold":0.9},"source":"https://github.com/mariadb/server/commit/dafe41edead86785908f38093833f84994d312b9","target":{"file":"sql/sql_lex.h"},"signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2019-2627-0dd0f863"},{"digest":{"length":391,"function_hash":"146836235239953936328054517088141581974"},"source":"https://github.com/mariadb/server/commit/dafe41edead86785908f38093833f84994d312b9","target":{"function":"LEX::tvc_finalize","file":"sql/sql_lex.cc"},"signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2019-2627-8bfeccdd"},{"signature_type":"Line","source":"https://github.com/mariadb/server/commit/e0271a7b43c6df652c6a074858853a6d0da20c1e","target":{"file":"storage/innobase/read/read0read.cc"},"id":"CVE-2019-2627-c91b6742","digest":{"line_hashes":["156634800554884495446330094557232958377","168397655013066527752518582445523875487","290347820109510294764638399905679308806","206365973994183525994886060669110769589","166720579752236146865871920350114961297","306650630762418418721982678073736125645"],"threshold":0.9},"deprecated":false,"signature_version":"v1"},{"signature_version":"v1","source":"https://github.com/mariadb/server/commit/dafe41edead86785908f38093833f84994d312b9","target":{"file":"sql/sql_lex.cc"},"signature_type":"Line","id":"CVE-2019-2627-f2314939","deprecated":false,"digest":{"line_hashes":["289662297992501361039647906031453238828","176760439508042425835580669563349565307","285494534621033236084515116348726394079","121210683030609995759340620170413561067","275470151517776533418475462189387162792","46542273163868525327665502310530439349","279854327747375399083464770496018559080","316133715060878810092970688186561308833","30643414520111612926122160161462168508","334130452423483110413402172678041061256","101459577499695099677624330976441548462","68046667759057070749362613090761245349","228465855048822438116905542545359296222","195095645378905670131589847820292137961","166860501190134978308827341691461462196","109562961068628259064569091511245042739","237958229097770996199772044610018923034","156025133306186755386121472826877823306","29173571133395472147420317618754057157","41998047607859962631608323032578004279","259481685318510766867653707199646928326","129002958763276713567655384786558266771","189763546972384893969927328099760967726","243066557008648720990173078176898805543","117568643014400755725842292661113565137","161280706266050005885499355829171049518","279822636661998058206950324809291605126","283300425575385071198722780597958908050","178965977189753642278983228994051710031","147860199827877033926307381510495262497","140811996561599798928818330467681499734"],"threshold":0.9}},{"digest":{"length":365,"function_hash":"98021950905818865579049360185120295063"},"source":"https://github.com/mariadb/server/commit/dafe41edead86785908f38093833f84994d312b9","target":{"function":"LEX::tvc_finalize_derived","file":"sql/sql_lex.cc"},"signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2019-2627-f973c92e"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-2627.json","vanir_signatures_modified":"2026-04-11T21:08:42Z"}},{"ranges":[{"type":"GIT","repo":"https://github.com/mysql/mysql-server","events":[{"introduced":"0"},{"last_affected":"67b51d50c833a8744fc600e6200175c3d8404d98"},{"last_affected":"3701bd36bec259fe494c75c9b30c57b01e598297"},{"last_affected":"ea1efa9822d81044b726aab20c857d5e1b7e046a"},{"last_affected":"87307d4ddd88405117e3f1e51323836d57ab1f57"},{"last_affected":"dc86e412f18b36ce271f791026714e8caa0ec919"},{"introduced":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"last_affected":"ca94b993454c86be248fbe180db94647488114e9"}],"database_specific":{"source":"CPE_FIELD","cpe":["cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"5.6.0"},{"last_affected":"5.6.43"},{"introduced":"5.7.0"},{"last_affected":"5.7.25"},{"introduced":"0"},{"last_affected":"8.1"},{"last_affected":"8.2"},{"last_affected":"8.4"},{"introduced":"8.0.0"},{"last_affected":"8.0.15"}]}}],"versions":["mysql-3.23.22-beta","mysql-3.23.28-gamma","mysql-3.23.30-gamma","mysql-3.23.31","mysql-3.23.32","mysql-3.23.33","mysql-3.23.36","mysql-4.0.2","mysql-4.0.4","mysql-5.1.4","mysql-5.6.40","mysql-5.6.43","mysql-5.7.25","mysql-8.0.14","mysql-8.0.15","mysql-8.1.0","mysql-8.2.0","mysql-8.4.0","mysql-cluster-8.1.0","mysql-cluster-8.2.0","mysql-cluster-8.4.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-2627.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}]}