{"api_version":"1","generated_at":"2026-04-23T09:52:20+00:00","cve":"CVE-2019-5278","urls":{"html":"https://cve.report/CVE-2019-5278","api":"https://cve.report/api/cve/CVE-2019-5278.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-5278","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-5278"},"summary":{"title":"CVE-2019-5278","description":"There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash.","state":"PUBLIC","assigner":"psirt@huawei.com","published_at":"2019-12-13 22:15:00","updated_at":"2019-12-19 20:23:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-gauss100-en","name":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-gauss100-en","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Advisory - Out-of-bounds Read Vulnerability in Advanced Packages of Gauss100 OLTP Database","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-5278","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5278","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"5278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"huawei","cpe5":"campusinsight","cpe6":"v100r019c00","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5278","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"huawei","cpe5":"campusinsight","cpe6":"v100r019c00","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-5278","ASSIGNER":"psirt@huawei.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"CampusInsight","version":{"version_data":[{"version_value":"V100R019C00"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Out-of-bounds Read"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-gauss100-en","url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-gauss100-en"}]},"description":{"description_data":[{"lang":"eng","value":"There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash."}]}},"nvd":{"publishedDate":"2019-12-13 22:15:00","lastModifiedDate":"2019-12-19 20:23:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:huawei:campusinsight:v100r019c00:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"5278","Ordinal":"142894","Title":"CVE-2019-5278","CVE":"CVE-2019-5278","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"5278","Ordinal":"1","NoteData":"There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"5278","Ordinal":"2","NoteData":"2019-12-13","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"5278","Ordinal":"3","NoteData":"2019-12-13","Type":"Other","Title":"Modified"}]}}}