What is the severity of CVE-2019-2507?

The severity of CVE-2019-2507 is medium with a severity value of 4.9.

Which versions of MySQL are affected by CVE-2019-2507?

MySQL versions 5.6.42 and prior, 5.7.24 and prior, and 8.0.13 and prior are affected by CVE-2019-2507.

How can an attacker exploit CVE-2019-2507?

An attacker can exploit CVE-2019-2507 by leveraging high privileges and network access via multiple protocols.

Is there a fix available for CVE-2019-2507?

Yes, the fix for CVE-2019-2507 is available in MySQL versions 5.6.43, 5.7.25, and 8.0.14.

Where can I find more information about CVE-2019-2507?

More information about CVE-2019-2507 can be found on the Oracle website and Red Hat Bugzilla.

Vulnerability/
CVE-2019-2507

medium

4.9

16/1/2019

16/2/2021

CVE-2019-2507

First published: Wed Jan 16 2019(Updated: )

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Credit: secalert_us@oracle.com secalert_us@oracle.com

Affected Software	Affected Version	How to fix
	>=5.6.0<=5.6.42
	>=5.7.0<=5.7.24
	>=8.0.0<=8.0.13
Oracle MySQL	>=5.6.0<=5.6.42
Oracle MySQL	>=5.7.0<=5.7.24
Oracle MySQL	>=8.0.0<=8.0.13
redhat/mysql	<5.6.43	5.6.43
redhat/mysql	<5.7.25	5.7.25
redhat/mysql	<8.0.14	8.0.14
debian/mysql-5.7
ubuntu/mysql-5.6	<5.6.43	5.6.43
ubuntu/mysql-5.7	<5.7.25-0ubuntu0.18.04.2	5.7.25-0ubuntu0.18.04.2
ubuntu/mysql-5.7	<5.7.25-0ubuntu0.18.10.2	5.7.25-0ubuntu0.18.10.2
ubuntu/mysql-5.7	<5.7.25-1	5.7.25-1
ubuntu/mysql-5.7	<5.7.25	5.7.25
ubuntu/mysql-5.7	<5.7.25-0ubuntu0.16.04.2	5.7.25-0ubuntu0.16.04.2

Remedy

http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-3867-1

Frequently Asked Questions

What is the severity of CVE-2019-2507?
The severity of CVE-2019-2507 is medium with a severity value of 4.9.
Which versions of MySQL are affected by CVE-2019-2507?
MySQL versions 5.6.42 and prior, 5.7.24 and prior, and 8.0.13 and prior are affected by CVE-2019-2507.
How can an attacker exploit CVE-2019-2507?
An attacker can exploit CVE-2019-2507 by leveraging high privileges and network access via multiple protocols.
Is there a fix available for CVE-2019-2507?
Yes, the fix for CVE-2019-2507 is available in MySQL versions 5.6.43, 5.7.25, and 8.0.14.
Where can I find more information about CVE-2019-2507?
More information about CVE-2019-2507 can be found on the Oracle website and Red Hat Bugzilla.

collector/nvd-index
agent/type
agent/author
agent/last-modified-date
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-2507
agent/remedy
agent/severity
agent/references
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/description
agent/tags
agent/event
collector/usn-cve
source/Ubuntu
vendor/oracle
canonical/oracle mysql
version/oracle mysql/5.6.0
version/oracle mysql/5.6.42
version/oracle mysql/5.7.0
version/oracle mysql/5.7.24
version/oracle mysql/8.0.0
version/oracle mysql/8.0.13
package-manager/debian
package-manager/redhat
package-manager/ubuntu