CVE-2019-5289Out-of-bounds Read in Huawei Manageone

CWE-125Out-of-bounds Read3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 51.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Manageone
Timeline
PublishedNov 13
Latest updateMay 24

Description

Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. Attackers can construct invalid packets to attack the active and standby communication channels. Successful exploit of this vulnerability could allow the attacker to crash the database on the standby node.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5huawei/manageone6.5.0
NVDhuawei/manageone6.5.0

🔴Vulnerability Details

2
GHSA
GHSA-4g65-5v3f-q9xx: Gauss100 OLTP database in ManageOne with versions of 62022-05-24
CVEList
CVE-2019-5289: Gauss100 OLTP database in ManageOne with versions of 62019-11-13
CVE-2019-5289 — Out-of-bounds Read in Huawei Manageone | cvebase