Improper input validation in MySQL Connectors

#VU26948 Improper input validation in MySQL Connectors

Published: 2020-04-15

Vulnerability identifier: #VU26948

Vulnerability risk: Low

CVSSv3.1: 2 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2933

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
MySQL Connectors
Hardware solutions / Drivers

Vendor: Oracle

Description

The vulnerability allows a remote privileged user to perform service disruption.

The vulnerability exists due to improper input validation within the Connector/J component in MySQL Connectors. A remote privileged user can exploit this vulnerability to perform service disruption.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MySQL Connectors: 5.1.0 - 5.1.48

External links
http://www.oracle.com/security-alerts/cpuapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for mysql-connector-java

Gentoo update for MySQL

Debian update for mysql-connector-java

Multiple vulnerabilities in MySQL Connectors