{"id":"CVE-2020-2901","details":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","modified":"2026-05-18T18:04:08.950614Z","published":"2020-04-15T14:15:34.640Z","related":["ALSA-2020:3732","CGA-3ccx-7cvg-fr2w"],"database_specific":{"unresolved_ranges":[{"vendor_product":"canonical:ubuntu_linux","extracted_events":[{"last_affected":"16.04"},{"last_affected":"18.04"},{"last_affected":"19.10"},{"last_affected":"20.04"}],"source":"CPE_FIELD","cpes":["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"]},{"vendor_product":"fedoraproject:fedora","extracted_events":[{"last_affected":"30"},{"last_affected":"31"},{"last_affected":"32"}],"source":"CPE_FIELD","cpes":["cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"]},{"vendor_product":"netapp:active_iq_unified_manager","extracted_events":[{"introduced":"7.3"},{"introduced":"9.5"}],"source":"CPE_FIELD","cpes":["cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*","cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*"]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202105-27"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200416-0003/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4350-1/"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mysql/mysql-server","events":[{"introduced":"0"},{"fixed":"473109fb8c9de18d40960f87f8140c71a0d01dd6"},{"fixed":"bd9c260cf7026a54d9bf91ce6782cdb4e6a25c71"},{"introduced":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"fixed":"ea7d2e2d16ac03afdd9cb72a972a95981107bf51"}],"database_specific":{"extracted_events":[{"introduced":"5.6.0"},{"fixed":"5.6.47"},{"introduced":"5.7.0"},{"fixed":"5.7.29"},{"introduced":"8.0.0"},{"fixed":"8.0.19"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*"}}],"versions":["mysql-5.6.45","mysql-5.6.40","mysql-5.1.4","mysql-4.0.4","mysql-4.0.2","mysql-3.23.36","mysql-3.23.33","mysql-3.23.32","mysql-3.23.31","mysql-3.23.30-gamma","mysql-3.23.28-gamma","mysql-3.23.22-beta"],"database_specific":{"vanir_signatures_modified":"2026-05-18T18:04:08Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-2901.json","vanir_signatures":[{"deprecated":false,"source":"https://github.com/mysql/mysql-server/commit/ea7d2e2d16ac03afdd9cb72a972a95981107bf51","id":"CVE-2020-2901-7ba491c1","digest":{"length":623,"function_hash":"268414797295401743171423323680366405200"},"signature_version":"v1","target":{"file":"storage/innobase/lob/lob0lob.cc","function":"ref_t::mark_not_partially_updatable"},"signature_type":"Function"},{"deprecated":false,"source":"https://github.com/mysql/mysql-server/commit/ea7d2e2d16ac03afdd9cb72a972a95981107bf51","id":"CVE-2020-2901-85335a60","digest":{"line_hashes":["178328081134631892205165699778675444929","297069519883944742228860306989667015308","271109606063349901820849047573123524993"],"threshold":0.9},"signature_version":"v1","target":{"file":"storage/innobase/lob/lob0lob.cc"},"signature_type":"Line"},{"deprecated":false,"source":"https://github.com/mysql/mysql-server/commit/ea7d2e2d16ac03afdd9cb72a972a95981107bf51","id":"CVE-2020-2901-ba81527a","digest":{"length":3285,"function_hash":"332510893913262879819453630442491115668"},"signature_version":"v1","target":{"file":"storage/innobase/lob/lob0purge.cc","function":"purge"},"signature_type":"Function"},{"deprecated":false,"source":"https://github.com/mysql/mysql-server/commit/ea7d2e2d16ac03afdd9cb72a972a95981107bf51","id":"CVE-2020-2901-d821719f","digest":{"line_hashes":["180778886619526508923404944111269113775","147316919537316689965784322676330417174","5239905161954509642413945198745085468","17024492428593150706336629452115852309","104965365280811678162014628868762321369","282655202815067031575135368237605253571","200985396871617803559027719623855045437"],"threshold":0.9},"signature_version":"v1","target":{"file":"storage/innobase/lob/lob0purge.cc"},"signature_type":"Line"},{"deprecated":false,"source":"https://github.com/mysql/mysql-server/commit/ea7d2e2d16ac03afdd9cb72a972a95981107bf51","id":"CVE-2020-2901-e9f11d86","digest":{"line_hashes":["283235786766717374315559903386315292221","192355070266660537871885306096569471401","43630985206282853845868250559889278152","172939939025117458516457434116810536184"],"threshold":0.9},"signature_version":"v1","target":{"file":"storage/innobase/include/lob0lob.h"},"signature_type":"Line"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}]}