{"id":"CVE-2019-2628","details":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","modified":"2026-04-11T09:46:10.016463Z","published":"2019-04-23T19:32:52.397Z","related":["ALSA-2019:2511","ALSA-2019:3708","CGA-f4rr-m9h3-22v2","SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","SUSE-SU-2019:2020-1","SUSE-SU-2019:2330-1","SUSE-SU-2019:2867-1","SUSE-SU-2019:3270-1","openSUSE-SU-2019:1913-1","openSUSE-SU-2019:1915-1"],"references":[{"type":"ADVISORY","url":"https://support.f5.com/csp/article/K32798641"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3957-1/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4070-3/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2484"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2511"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3708"},{"type":"FIX","url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"9664240c948a92c22ccda0e1f5a420eb776ddcb1"},{"fixed":"e0271a7b43c6df652c6a074858853a6d0da20c1e"},{"introduced":"20ae591abd0bfe1bfaee546989ee163f4ef832b1"},{"fixed":"07aef9f7eb936de2b277f8ae209a1fd72510c011"},{"introduced":"c761b43451d54eeeecdf3c102906fcce88d4e9d9"},{"fixed":"dafe41edead86785908f38093833f84994d312b9"}],"database_specific":{"versions":[{"introduced":"10.2.0"},{"fixed":"10.2.24"},{"introduced":"10.3.0"},{"fixed":"10.3.15"},{"introduced":"10.4.0"},{"fixed":"10.4.5"}]}},{"type":"GIT","repo":"https://github.com/mysql/mysql-server","events":[{"introduced":"0"},{"last_affected":"3701bd36bec259fe494c75c9b30c57b01e598297"},{"introduced":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"last_affected":"ca94b993454c86be248fbe180db94647488114e9"},{"introduced":"0"},{"last_affected":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"introduced":"0"},{"last_affected":"ea1efa9822d81044b726aab20c857d5e1b7e046a"},{"introduced":"0"},{"last_affected":"87307d4ddd88405117e3f1e51323836d57ab1f57"},{"introduced":"0"},{"last_affected":"dc86e412f18b36ce271f791026714e8caa0ec919"},{"introduced":"0"},{"last_affected":"87307d4ddd88405117e3f1e51323836d57ab1f57"},{"introduced":"0"},{"last_affected":"dc86e412f18b36ce271f791026714e8caa0ec919"},{"introduced":"0"},{"last_affected":"87307d4ddd88405117e3f1e51323836d57ab1f57"},{"introduced":"0"},{"last_affected":"dc86e412f18b36ce271f791026714e8caa0ec919"}],"database_specific":{"versions":[{"introduced":"5.7.0"},{"last_affected":"5.7.25"},{"introduced":"8.0.0"},{"last_affected":"8.0.15"},{"introduced":"0"},{"last_affected":"8.0"},{"introduced":"0"},{"last_affected":"8.1"},{"introduced":"0"},{"last_affected":"8.2"},{"introduced":"0"},{"last_affected":"8.4"},{"introduced":"0"},{"last_affected":"8.2"},{"introduced":"0"},{"last_affected":"8.4"},{"introduced":"0"},{"last_affected":"8.2"},{"introduced":"0"},{"last_affected":"8.4"}]}}],"versions":["mariadb-10.2.0","mariadb-10.2.1","mariadb-10.2.10","mariadb-10.2.11","mariadb-10.2.12","mariadb-10.2.13","mariadb-10.2.14","mariadb-10.2.15","mariadb-10.2.16","mariadb-10.2.18","mariadb-10.2.19","mariadb-10.2.2","mariadb-10.2.20","mariadb-10.2.21","mariadb-10.2.22","mariadb-10.2.23","mariadb-10.2.5","mariadb-10.3.0","mariadb-10.3.1","mariadb-10.3.10","mariadb-10.3.12","mariadb-10.3.2","mariadb-10.3.4","mariadb-10.3.5","mariadb-10.3.6","mariadb-10.3.7","mariadb-10.4.3","mariadb-10.4.4","mysql-3.23.22-beta","mysql-3.23.28-gamma","mysql-3.23.30-gamma","mysql-3.23.31","mysql-3.23.32","mysql-3.23.33","mysql-3.23.36","mysql-4.0.2","mysql-4.0.4","mysql-5.1.4","mysql-5.7.25","mysql-8.0.0","mysql-8.0.14","mysql-8.0.15","mysql-8.1.0","mysql-8.2.0","mysql-8.4.0","mysql-cluster-8.1.0","mysql-cluster-8.2.0","mysql-cluster-8.4.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T09:46:10Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.10"}]},{"events":[{"introduced":"0"},{"last_affected":"19.04"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6"}]}],"vanir_signatures":[{"signature_type":"Function","target":{"file":"storage/innobase/read/read0read.cc","function":"ReadView::copy_trx_ids"},"deprecated":false,"id":"CVE-2019-2628-06a0405c","digest":{"function_hash":"30864953543602198811296332068878449409","length":1244},"signature_version":"v1","source":"https://github.com/mariadb/server/commit/e0271a7b43c6df652c6a074858853a6d0da20c1e"},{"signature_type":"Line","target":{"file":"sql/sql_lex.h"},"deprecated":false,"id":"CVE-2019-2628-0dd0f863","digest":{"threshold":0.9,"line_hashes":["35614137147375894626502880677377363780","122052696725266788896869039601038402686","293377935073574720829128764736472844946","167965411673279105705585807680030437061","266603145449483856623461404176212719257"]},"signature_version":"v1","source":"https://github.com/mariadb/server/commit/dafe41edead86785908f38093833f84994d312b9"},{"signature_type":"Function","target":{"file":"sql/sql_lex.cc","function":"LEX::tvc_finalize"},"deprecated":false,"id":"CVE-2019-2628-8bfeccdd","digest":{"function_hash":"146836235239953936328054517088141581974","length":391},"signature_version":"v1","source":"https://github.com/mariadb/server/commit/dafe41edead86785908f38093833f84994d312b9"},{"signature_type":"Line","target":{"file":"storage/innobase/read/read0read.cc"},"deprecated":false,"id":"CVE-2019-2628-c91b6742","digest":{"threshold":0.9,"line_hashes":["156634800554884495446330094557232958377","168397655013066527752518582445523875487","290347820109510294764638399905679308806","206365973994183525994886060669110769589","166720579752236146865871920350114961297","306650630762418418721982678073736125645"]},"signature_version":"v1","source":"https://github.com/mariadb/server/commit/e0271a7b43c6df652c6a074858853a6d0da20c1e"},{"signature_type":"Line","target":{"file":"sql/sql_lex.cc"},"deprecated":false,"id":"CVE-2019-2628-f2314939","digest":{"threshold":0.9,"line_hashes":["289662297992501361039647906031453238828","176760439508042425835580669563349565307","285494534621033236084515116348726394079","121210683030609995759340620170413561067","275470151517776533418475462189387162792","46542273163868525327665502310530439349","279854327747375399083464770496018559080","316133715060878810092970688186561308833","30643414520111612926122160161462168508","334130452423483110413402172678041061256","101459577499695099677624330976441548462","68046667759057070749362613090761245349","228465855048822438116905542545359296222","195095645378905670131589847820292137961","166860501190134978308827341691461462196","109562961068628259064569091511245042739","237958229097770996199772044610018923034","156025133306186755386121472826877823306","29173571133395472147420317618754057157","41998047607859962631608323032578004279","259481685318510766867653707199646928326","129002958763276713567655384786558266771","189763546972384893969927328099760967726","243066557008648720990173078176898805543","117568643014400755725842292661113565137","161280706266050005885499355829171049518","279822636661998058206950324809291605126","283300425575385071198722780597958908050","178965977189753642278983228994051710031","147860199827877033926307381510495262497","140811996561599798928818330467681499734"]},"signature_version":"v1","source":"https://github.com/mariadb/server/commit/dafe41edead86785908f38093833f84994d312b9"},{"signature_type":"Function","target":{"file":"sql/sql_lex.cc","function":"LEX::tvc_finalize_derived"},"deprecated":false,"id":"CVE-2019-2628-f973c92e","digest":{"function_hash":"98021950905818865579049360185120295063","length":365},"signature_version":"v1","source":"https://github.com/mariadb/server/commit/dafe41edead86785908f38093833f84994d312b9"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-2628.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}]}