CVE-2019-2503: External Control of File Name or Path in Oracle MySQL

Severity: 6.4 MEDIUM (NVD)
EPSS: 0.2% (top 63.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 16
Latest update: Oct 22

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or c

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.2 | Impact: 5.2

Affected Packages (7 packages)

CVEListV5 | oracle_corporation/mysql_server | 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior | +2
NVD | oracle/mysql | 5.6.0 | 5.6.42 | +2
NVD | mariadb/mariadb | 5.5.0 | 5.5.62 | +4

Also affects: Ubuntu Linux 16.04, 18.04, 18.10, Enterprise Linux 8.1, 8.2, 8.4, 8.6

Patches

🔴 Vulnerability Details (4)

GHSA: aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server (2025-10-22)
GHSA: GHSA-px7j-2qhq-c538: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling) (2022-05-13)
CVEList: CVE-2019-2503: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling) (2019-01-16)
OSV: CVE-2019-2503: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling) (2019-01-16)

📋 Vendor Advisories (3)

Red Hat: mariadb: Named pipe permission issue on Windows (2020-11-18)
Ubuntu: MySQL vulnerabilities (2019-01-23)
Red Hat: mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (2019-01-15)

💬 Community (6)

Bugzilla: CVE-2019-2420 CVE-2019-2434 CVE-2019-2436 CVE-2019-2455 CVE-2019-2481 CVE-2019-2482 CVE-2019-2486 CVE-2019-2494 CVE-2019-2495 CVE-2019-2502 CVE-2019-2503 CVE-2019-2507 CVE-2019-2510 CVE-2019-2528 ... (2019-01-16)
Bugzilla: CVE-2019-2420 CVE-2019-2434 CVE-2019-2455 CVE-2019-2481 CVE-2019-2482 CVE-2019-2486 CVE-2019-2503 CVE-2019-2507 CVE-2019-2510 CVE-2019-2528 CVE-2019-2529 CVE-2019-2531 CVE-2019-2532 CVE-2019-2534 CVE- (2019-01-16)
Bugzilla: CVE-2019-2420 CVE-2019-2434 CVE-2019-2455 CVE-2019-2481 CVE-2019-2482 CVE-2019-2486 CVE-2019-2503 CVE-2019-2507 CVE-2019-2510 CVE-2019-2528 CVE-2019-2529 CVE-2019-2531 CVE-2019-2532 CVE-2019-2534 ... (2019-01-16)
Bugzilla: CVE-2019-2420 CVE-2019-2434 CVE-2019-2436 CVE-2019-2455 CVE-2019-2481 CVE-2019-2482 CVE-2019-2486 CVE-2019-2494 CVE-2019-2495 CVE-2019-2502 CVE-2019-2503 CVE-2019-2507 CVE-2019-2510 CVE-2019-2528 ... (2019-01-16)
Bugzilla: CVE-2019-2503 mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (2019-01-16)
CVE-2019-2503 — External Control of File Name or Path | cvebase