First published: Fri Dec 13 2019(Updated: )
There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Campusinsight | =v100r019c00 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-5278 vulnerability is medium with a severity value of 6.5.
The CVE-2019-5278 vulnerability affects Huawei CampusInsight before V100R019C00SPC200.
The impact of CVE-2019-5278 vulnerability is an out-of-bounds read vulnerability that allows attackers with specific permission to send elaborate SQL statements to the database.
To fix the CVE-2019-5278 vulnerability, update CampusInsight to version V100R019C00SPC200 or later.
Yes, you can find more information about the CVE-2019-5278 vulnerability in the security advisory published by Huawei.