Denial of service in MySQL Server

#VU17025 Denial of service in MySQL Server

Published: 2019-01-17

Vulnerability identifier: #VU17025

Vulnerability risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2529

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
MySQL Server
Server applications / Database software

Vendor: Oracle

Description
The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Mitigation
Install update from vendor's website.

Vulnerable software versions

MySQL Server: 8.0.13, 5.6.0 - 5.6.42, 5.7.0 - 5.7.24

External links
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition

Multiple vulnerabilities in Dell EMC Data Computing Appliance (DCA)

Red Hat Enterprise Linux 7 update for mariadb

Amazon Linux AMI update for mysql56

Amazon Linux AMI update for mysql57

Denial of service in mariadb (Alpine package)

OpenSUSE Linux update for mysql-community-server

Slackware Linux update for mariadb

Ubuntu update for MySQL

Multiple vulnerabilities in Oracle MySQL