{"api_version":"1","generated_at":"2026-06-10T13:56:27+00:00","cve":"CVE-2019-2708","urls":{"html":"https://cve.report/CVE-2019-2708","api":"https://cve.report/api/cve/CVE-2019-2708.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-2708","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-2708"},"summary":{"title":"CVE-2019-2708","description":"Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).","state":"PUBLIC","assigner":"secalert_us@oracle.com","published_at":"2019-04-23 19:32:00","updated_at":"2023-11-07 03:09:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","refsource":"MISC","tags":["Patch","Vendor Advisory"],"title":"Oracle Critical Patch Update - April 2019","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQFKX6NKU2DCW5CTCHQSOJJDFVRVTPO6/","name":"FEDORA-2020-62d2ff9fa8","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: libdb-5.3.28-45.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQFKX6NKU2DCW5CTCHQSOJJDFVRVTPO6/","name":"FEDORA-2020-62d2ff9fa8","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: libdb-5.3.28-45.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-2708","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2708","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"2708","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"berkeley_db","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"2708","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"berkeley_db","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-2708","qid":"159202","title":"Oracle Enterprise Linux Security Update for libdb (ELSA-2021-1675)"},{"cve":"CVE-2019-2708","qid":"239321","title":"Red Hat Update for libdb (RHSA-2021:1675)"},{"cve":"CVE-2019-2708","qid":"377333","title":"Alibaba Cloud Linux Security Update for libdb (ALINUX3-SA-2022:0092)"},{"cve":"CVE-2019-2708","qid":"672073","title":"EulerOS Security Update for libdb (EulerOS-SA-2022-2274)"},{"cve":"CVE-2019-2708","qid":"672091","title":"EulerOS Security Update for libdb (EulerOS-SA-2022-2294)"},{"cve":"CVE-2019-2708","qid":"672108","title":"EulerOS Security Update for libdb (EulerOS-SA-2022-2323)"},{"cve":"CVE-2019-2708","qid":"752826","title":"SUSE Enterprise Linux Security Update for libdb-4_8 (SUSE-SU-2022:4214-1)"},{"cve":"CVE-2019-2708","qid":"752948","title":"SUSE Enterprise Linux Security Update for libdb-4_8 (SUSE-SU-2022:4289-1)"},{"cve":"CVE-2019-2708","qid":"900172","title":"CBL-Mariner Linux Security Update for libdb 5.3.28"},{"cve":"CVE-2019-2708","qid":"901828","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for libdb (6630-1)"},{"cve":"CVE-2019-2708","qid":"902804","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for libdb (4677)"},{"cve":"CVE-2019-2708","qid":"940332","title":"AlmaLinux Security Update for libdb (ALSA-2021:1675)"},{"cve":"CVE-2019-2708","qid":"960849","title":"Rocky Linux Security Update for libdb (RLSA-2021:1675)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secalert_us@oracle.com","ID":"CVE-2019-2708","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Oracle Berkeley DB","version":{"version_data":[{"version_value":"6.138","version_affected":"<"},{"version_value":"6.2.38","version_affected":"<"},{"version_value":"18.1.32","version_affected":"<"}]}}]},"vendor_name":"Oracle Corporation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store."}]}]},"references":{"reference_data":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","refsource":"MISC","name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"refsource":"FEDORA","name":"FEDORA-2020-62d2ff9fa8","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQFKX6NKU2DCW5CTCHQSOJJDFVRVTPO6/"}]}},"nvd":{"publishedDate":"2019-04-23 19:32:00","lastModifiedDate":"2023-11-07 03:09:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":3.3,"baseSeverity":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:berkeley_db:*:*:*:*:*:*:*:*","versionEndExcluding":"6.138","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"2708","Ordinal":"139724","Title":"CVE-2019-2708","CVE":"CVE-2019-2708","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"2708","Ordinal":"1","NoteData":"Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).","Type":"Description","Title":null},{"CveYear":"2019","CveId":"2708","Ordinal":"2","NoteData":"2019-04-23","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"2708","Ordinal":"3","NoteData":"2020-12-15","Type":"Other","Title":"Modified"}]}}}