Vulnerabilities > CVE-2019-2920

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
LOW
network
low complexity
oracle
canonical
nessus

Summary

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 5.3.13 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4195-1.NASL
    descriptionMultiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.18 in Ubuntu 19.10. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.28. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-28.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html https://www.oracle.com/security-alerts/cpuoct2019.html Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131161
    published2019-11-20
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131161
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : mysql-5.7, mysql-8.0 vulnerabilities (USN-4195-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-3_0-0082_MYSQL.NASL
    descriptionAn update of the mysql package has been released.
    last seen2020-05-08
    modified2020-04-22
    plugin id135872
    published2020-04-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135872
    titlePhoton OS 3.0: Mysql PHSA-2020-3.0-0082
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_FC91F2EFFD7B11E9A1C7B499BAEBFEAF.NASL
    descriptionOracle reports : This Critical Patch Update contains 31 new security fixes for Oracle MySQL. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
    last seen2020-06-01
    modified2020-06-02
    plugin id130496
    published2019-11-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130496
    titleFreeBSD : MySQL -- Multiple vulerabilities (fc91f2ef-fd7b-11e9-a1c7-b499baebfeaf)
  • NASL familyMisc.
    NASL idORACLE_MYSQL_CONNECTORS_CPU_OCT_2019.NASL
    descriptionThe version of Oracle MySQL Connectors installed on the remote host is 8.0.x prior to 8.0.18 or 5.3.x prior to 5.3.14. It is, therefore, affected by the following vulnerabilities as noted in the October 2019 Critical Patch Update advisory: - An unspecified, remote security vulnerability in the Connector/ODBC component of Oracle MySQL Connectors. (CVE-2019-2920) - A vulnerability in the OpenSSL subcomponent of the Connector/ODBC component of Oracle MySQL Connectors caused by the ability to set variable nonce lengths in the ChaCha20-Poly1305 AEAD cipher. This could allow an unauthenticated, remote attacker to affect data confidentiality and integrity. (CVE-2019-1543) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id129974
    published2019-10-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129974
    titleOracle MySQL Connectors Multiple Vulnerabilities (Oct 2019 CPU)