exploitDog

CVE-2019-5278

Опубликовано: 13 дек. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash.

Ссылки

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-gauss100-en
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-gauss100-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:huawei:campusinsight:v100r019c00:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.0024

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-v7mh-vm24-5fjf

CVSS3: 6.5

github

больше 3 лет назад

There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash.

EPSS

Процентиль: 47%

0.0024

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-125