CVE-2019-5278

There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash.

Published: Dec 13, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-5278
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
huawei / campusinsight	100r019c00	100r019c00.x

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-gauss100-en

Vulnerability Database

289,697

CVE-2019-5278