Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-31622 (GCVE-0-2022-31622)
Vulnerability from cvelistv5 – Published: 2022-05-25 00:00 – Updated: 2024-08-03 07:26 Disputed
VLAI?
EPSS
Summary
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jira.mariadb.org/browse/MDEV-26561?filter=-2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220707-0006/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jira.mariadb.org/browse/MDEV-26574"
},
{
"tags": [
"x_transferred"
],
"url": "https://jira.mariadb.org/browse/MDEV-26561"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-02T22:07:56.504Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://jira.mariadb.org/browse/MDEV-26561?filter=-2"
},
{
"url": "https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220707-0006/"
},
{
"url": "https://jira.mariadb.org/browse/MDEV-26574"
},
{
"url": "https://jira.mariadb.org/browse/MDEV-26561"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31622",
"datePublished": "2022-05-25T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:26:01.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-31622",
"date": "2026-05-19",
"epss": "0.00034",
"percentile": "0.1017"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.2.42\", \"matchCriteriaId\": \"CE9ABE9C-698E-4289-9C3B-F4FBA550582D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.3.0\", \"versionEndExcluding\": \"10.3.33\", \"matchCriteriaId\": \"F8EB13E9-AFD7-4E82-A471-61201460CAC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.4.0\", \"versionEndExcluding\": \"10.4.23\", \"matchCriteriaId\": \"3EFE42EF-DB07-4DD4-A40C-6DD6A7D1E6DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.5.0\", \"versionEndExcluding\": \"10.5.14\", \"matchCriteriaId\": \"E3C63CE6-6B86-4C48-8D30-DC74CA83C5EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.6.0\", \"versionEndExcluding\": \"10.6.6\", \"matchCriteriaId\": \"09ADA35C-125F-4970-ACB7-36A9CC3516BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.7.0\", \"versionEndExcluding\": \"10.7.2\", \"matchCriteriaId\": \"E0435104-B0F9-4997-A769-36821689DF45\"}]}]}]",
"cveTags": "[{\"sourceIdentifier\": \"cve@mitre.org\", \"tags\": [\"disputed\"]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.\"}, {\"lang\": \"es\", \"value\": \"MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegaci\\u00f3n de servicio. En el archivo extra/mariabackup/ds_compress.cc, cuando es producido un error (pthread_create devuelve un valor distinto de cero) mientras es ejecutado el m\\u00e9todo create_worker_threads, el bloqueo retenido no es liberado correctamente, lo que permite a usuarios locales desencadenar una denegaci\\u00f3n de servicio debido al bloqueo\"}]",
"id": "CVE-2022-31622",
"lastModified": "2024-11-21T07:04:52.393",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-05-25T21:15:08.617",
"references": "[{\"url\": \"https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://jira.mariadb.org/browse/MDEV-26561\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://jira.mariadb.org/browse/MDEV-26561?filter=-2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://jira.mariadb.org/browse/MDEV-26574\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220707-0006/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://jira.mariadb.org/browse/MDEV-26561\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://jira.mariadb.org/browse/MDEV-26561?filter=-2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://jira.mariadb.org/browse/MDEV-26574\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220707-0006/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-667\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-31622\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-05-25T21:15:08.617\",\"lastModified\":\"2024-11-21T07:04:52.393\",\"vulnStatus\":\"Modified\",\"cveTags\":[{\"sourceIdentifier\":\"cve@mitre.org\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.\"},{\"lang\":\"es\",\"value\":\"MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegaci\u00f3n de servicio. En el archivo extra/mariabackup/ds_compress.cc, cuando es producido un error (pthread_create devuelve un valor distinto de cero) mientras es ejecutado el m\u00e9todo create_worker_threads, el bloqueo retenido no es liberado correctamente, lo que permite a usuarios locales desencadenar una denegaci\u00f3n de servicio debido al bloqueo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.2.42\",\"matchCriteriaId\":\"CE9ABE9C-698E-4289-9C3B-F4FBA550582D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.3.0\",\"versionEndExcluding\":\"10.3.33\",\"matchCriteriaId\":\"F8EB13E9-AFD7-4E82-A471-61201460CAC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.4.0\",\"versionEndExcluding\":\"10.4.23\",\"matchCriteriaId\":\"3EFE42EF-DB07-4DD4-A40C-6DD6A7D1E6DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.5.0\",\"versionEndExcluding\":\"10.5.14\",\"matchCriteriaId\":\"E3C63CE6-6B86-4C48-8D30-DC74CA83C5EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.6.0\",\"versionEndExcluding\":\"10.6.6\",\"matchCriteriaId\":\"09ADA35C-125F-4970-ACB7-36A9CC3516BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.7.0\",\"versionEndExcluding\":\"10.7.2\",\"matchCriteriaId\":\"E0435104-B0F9-4997-A769-36821689DF45\"}]}]}],\"references\":[{\"url\":\"https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://jira.mariadb.org/browse/MDEV-26561\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://jira.mariadb.org/browse/MDEV-26561?filter=-2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://jira.mariadb.org/browse/MDEV-26574\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220707-0006/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://jira.mariadb.org/browse/MDEV-26561\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://jira.mariadb.org/browse/MDEV-26561?filter=-2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://jira.mariadb.org/browse/MDEV-26574\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220707-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
alsa-2022:5826
Vulnerability from osv_almalinux
Published
2022-08-02 00:00
Modified
2022-08-05 15:41
Summary
Moderate: mariadb:10.5 security, bug fix, and enhancement update
Details
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera (26.4.11), mariadb (10.5.16). Security Fix(es): * mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669) * mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer (CVE-2022-24048) * mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050) * mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051) * mariadb: CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability (CVE-2022-24052) * mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376) * mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377) * mariadb: crash in create_tmp_table::finalize (CVE-2022-27378) * mariadb: crash in component arg_comparator::compare_real_fixed (CVE-2022-27379) * mariadb: crash at my_decimal::operator= (CVE-2022-27380) * mariadb: crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381) * mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order (CVE-2022-27382) * mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383) * mariadb: via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384) * mariadb: crash in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386) * mariadb: assertion failures in decimal_bin_size (CVE-2022-27387) * mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444) * mariadb: assertion failure in compare_order_elements (CVE-2022-27445) * mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446) * mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447) * mariadb: crash in multi-update and implicit grouping (CVE-2022-27448) * mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449) * mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451) * mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452) * mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455) * mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456) * mariadb: incorrect key in "dup value" error after long unique (CVE-2022-27457) * mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27458) * mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622) * mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31623) * mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659) * mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661) * mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663) * mariadb: crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664) * mariadb: crash because of incorrect used_tables expectations (CVE-2021-46665) * mariadb: crash via certain long SELECT DISTINCT statements (CVE-2021-46668) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Don't use less parallelism if not necessary (BZ#2096934) * Links in galera package description are bad (BZ#2096935) * [Tracker] Rebase to Galera 26.4.11 (BZ#2096936)
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "Judy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.5-18.module_el8.6.0+3072+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "galera"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.4.11-1.module_el8.6.0+3072+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.module_el8.6.0+3072+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-backup"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.module_el8.6.0+3072+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.module_el8.6.0+3072+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.module_el8.6.0+3072+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.module_el8.6.0+3072+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-embedded-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.module_el8.6.0+3072+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.module_el8.6.0+3072+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-gssapi-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.module_el8.6.0+3072+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-oqgraph-engine"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.module_el8.6.0+3072+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-pam"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.module_el8.6.0+3072+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.module_el8.6.0+3072+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server-galera"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.module_el8.6.0+3072+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.module_el8.6.0+3072+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.module_el8.6.0+3072+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\nThe following packages have been upgraded to a later upstream version: galera (26.4.11), mariadb (10.5.16).\nSecurity Fix(es):\n* mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669)\n* mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer (CVE-2022-24048)\n* mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050)\n* mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)\n* mariadb: CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability (CVE-2022-24052)\n* mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n* mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n* mariadb: crash in create_tmp_table::finalize (CVE-2022-27378)\n* mariadb: crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n* mariadb: crash at my_decimal::operator= (CVE-2022-27380)\n* mariadb: crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n* mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order (CVE-2022-27382)\n* mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n* mariadb: via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n* mariadb: crash in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n* mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n* mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n* mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n* mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n* mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447)\n* mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n* mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n* mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n* mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n* mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n* mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n* mariadb: incorrect key in \"dup value\" error after long unique (CVE-2022-27457)\n* mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27458)\n* mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622)\n* mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31623)\n* mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n* mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661)\n* mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663)\n* mariadb: crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)\n* mariadb: crash because of incorrect used_tables expectations (CVE-2021-46665)\n* mariadb: crash via certain long SELECT DISTINCT statements (CVE-2021-46668)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nBug Fix(es):\n* Don\u0027t use less parallelism if not necessary (BZ#2096934)\n* Links in galera package description are bad (BZ#2096935)\n* [Tracker] Rebase to Galera 26.4.11 (BZ#2096936)",
"id": "ALSA-2022:5826",
"modified": "2022-08-05T15:41:21Z",
"published": "2022-08-02T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:5826"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46659"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46661"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46663"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46664"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46665"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46668"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46669"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24048"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24050"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24051"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24052"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27376"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27377"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27378"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27379"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27380"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27381"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27382"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27383"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27384"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27386"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27387"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27444"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27445"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27446"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27447"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27448"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27449"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27451"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27452"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27455"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27456"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27457"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27458"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-31622"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-31623"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2049302"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050017"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050022"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050024"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050026"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050032"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050034"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2068211"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2068233"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2068234"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2069833"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074817"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074947"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074949"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074951"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074966"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074981"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074987"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074996"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074999"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075005"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075691"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075692"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075693"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075694"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075695"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075696"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075697"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075699"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075700"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075701"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2076144"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2076145"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2092354"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2092360"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-5826.html"
}
],
"related": [
"CVE-2021-46669",
"CVE-2022-24048",
"CVE-2022-24050",
"CVE-2022-24051",
"CVE-2022-24052",
"CVE-2022-27376",
"CVE-2022-27377",
"CVE-2022-27378",
"CVE-2022-27379",
"CVE-2022-27380",
"CVE-2022-27381",
"CVE-2022-27382",
"CVE-2022-27383",
"CVE-2022-27384",
"CVE-2022-27386",
"CVE-2022-27387",
"CVE-2022-27444",
"CVE-2022-27445",
"CVE-2022-27446",
"CVE-2022-27447",
"CVE-2022-27448",
"CVE-2022-27449",
"CVE-2022-27451",
"CVE-2022-27452",
"CVE-2022-27455",
"CVE-2022-27456",
"CVE-2022-27457",
"CVE-2022-27458",
"CVE-2022-31622",
"CVE-2022-31623",
"CVE-2021-46659",
"CVE-2021-46661",
"CVE-2021-46663",
"CVE-2021-46664",
"CVE-2021-46665",
"CVE-2021-46668"
],
"summary": "Moderate: mariadb:10.5 security, bug fix, and enhancement update"
}
alsa-2022:5948
Vulnerability from osv_almalinux
Published
2022-08-09 00:00
Modified
2022-08-10 07:03
Summary
Moderate: galera, mariadb, and mysql-selinux security, bug fix, and enhancement update
Details
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera (26.4.11), mariadb (10.5.16), mysql-selinux (1.0.5). Security Fix(es): * mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669) * mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer (CVE-2022-24048) * mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050) * mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051) * mariadb: CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability (CVE-2022-24052) * mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376) * mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377) * mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378) * mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379) * mariadb: server crash at my_decimal::operator= (CVE-2022-27380) * mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381) * mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order (CVE-2022-27382) * mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383) * mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384) * mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386) * mariadb: assertion failures in decimal_bin_size (CVE-2022-27387) * mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444) * mariadb: assertion failure in compare_order_elements (CVE-2022-27445) * mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446) * mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447) * mariadb: crash in multi-update and implicit grouping (CVE-2022-27448) * mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449) * mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451) * mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452) * mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455) * mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456) * mariadb: incorrect key in "dup value" error after long unique (CVE-2022-27457) * mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27458) * mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622) * mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31623) * mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659) * mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661) * mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663) * mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664) * mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665) * mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mariadb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mariadb-backup"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mariadb-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mariadb-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mariadb-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mariadb-embedded-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mariadb-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mariadb-gssapi-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mariadb-oqgraph-engine"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mariadb-pam"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mariadb-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mariadb-server-galera"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mariadb-server-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mariadb-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.16-2.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \nThe following packages have been upgraded to a later upstream version: galera (26.4.11), mariadb (10.5.16), mysql-selinux (1.0.5).\nSecurity Fix(es):\n* mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669)\n* mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer (CVE-2022-24048)\n* mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050)\n* mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)\n* mariadb: CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability (CVE-2022-24052)\n* mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n* mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n* mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n* mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n* mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n* mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n* mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order (CVE-2022-27382)\n* mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n* mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n* mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n* mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n* mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n* mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n* mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n* mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447)\n* mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n* mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n* mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n* mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n* mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n* mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n* mariadb: incorrect key in \"dup value\" error after long unique (CVE-2022-27457)\n* mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27458)\n* mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622)\n* mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31623)\n* mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n* mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661)\n* mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663)\n* mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)\n* mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665)\n* mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:5948",
"modified": "2022-08-10T07:03:13Z",
"published": "2022-08-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:5948"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46659"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46661"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46663"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46664"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46665"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46668"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46669"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24048"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24050"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24051"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24052"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27376"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27377"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27378"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27379"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27380"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27381"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27382"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27383"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27384"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27386"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27387"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27444"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27445"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27446"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27447"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27448"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27449"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27451"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27452"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27455"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27456"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27457"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27458"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-31622"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-31623"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2049302"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050017"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050022"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050024"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050026"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050032"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050034"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2068211"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2068233"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2068234"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2069833"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074817"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074947"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074949"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074951"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074966"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074981"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074987"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074996"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074999"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075005"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075691"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075692"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075693"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075694"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075695"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075696"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075697"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075699"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075700"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075701"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2076144"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2076145"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2092354"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2092360"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2022-5948.html"
}
],
"related": [
"CVE-2021-46669",
"CVE-2022-24048",
"CVE-2022-24050",
"CVE-2022-24051",
"CVE-2022-24052",
"CVE-2022-27376",
"CVE-2022-27377",
"CVE-2022-27378",
"CVE-2022-27379",
"CVE-2022-27380",
"CVE-2022-27381",
"CVE-2022-27382",
"CVE-2022-27383",
"CVE-2022-27384",
"CVE-2022-27386",
"CVE-2022-27387",
"CVE-2022-27444",
"CVE-2022-27445",
"CVE-2022-27446",
"CVE-2022-27447",
"CVE-2022-27448",
"CVE-2022-27449",
"CVE-2022-27451",
"CVE-2022-27452",
"CVE-2022-27455",
"CVE-2022-27456",
"CVE-2022-27457",
"CVE-2022-27458",
"CVE-2022-31622",
"CVE-2022-31623",
"CVE-2021-46659",
"CVE-2021-46661",
"CVE-2021-46663",
"CVE-2021-46664",
"CVE-2021-46665",
"CVE-2021-46668"
],
"summary": "Moderate: galera, mariadb, and mysql-selinux security, bug fix, and enhancement update"
}
alsa-2022:6443
Vulnerability from osv_almalinux
Published
2022-09-13 00:00
Modified
2022-10-14 07:41
Summary
Moderate: mariadb:10.3 security and bug fix update
Details
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a later upstream version: mariadb (10.3.35), galera (25.3.35).
Security Fix(es):
- mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669)
- mysql: Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427)
- mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer (CVE-2022-24048)
- mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050)
- mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)
- mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)
- mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)
- mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)
- mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)
- mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)
- mariadb: server crash at my_decimal::operator= (CVE-2022-27380)
- mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)
- mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)
- mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)
- mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)
- mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)
- mariadb: assertion failure in compare_order_elements (CVE-2022-27445)
- mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447)
- mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)
- mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)
- mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)
- mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)
- mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27458)
- mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622)
- mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31623)
- mariadb: server crash at Item_subselect::init_expr_cache_tracker (CVE-2022-32083)
- mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor (CVE-2022-32085)
- mariadb: server crash in Item_args::walk_args (CVE-2022-32087)
- mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort (CVE-2022-32088)
- mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)
- mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661)
- mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663)
- mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)
- mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665)
- mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- [Tracker] Rebase to Galera 25.3.35 for MariaDB-10.3 (BZ#2107075)
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "Judy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.5-18.module_el8.6.0+3139+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "Judy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.5-18.module_el8.6.0+3072+3c630e87"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "galera"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "25.3.35-1.module_el8.6.0+3265+230ed96b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.35-1.module_el8.6.0+3265+230ed96b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-backup"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.35-1.module_el8.6.0+3265+230ed96b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.35-1.module_el8.6.0+3265+230ed96b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.35-1.module_el8.6.0+3265+230ed96b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.35-1.module_el8.6.0+3265+230ed96b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-embedded-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.35-1.module_el8.6.0+3265+230ed96b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.35-1.module_el8.6.0+3265+230ed96b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-gssapi-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.35-1.module_el8.6.0+3265+230ed96b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-oqgraph-engine"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.35-1.module_el8.6.0+3265+230ed96b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.35-1.module_el8.6.0+3265+230ed96b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server-galera"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.35-1.module_el8.6.0+3265+230ed96b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.35-1.module_el8.6.0+3265+230ed96b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.35-1.module_el8.6.0+3265+230ed96b"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \n\nThe following packages have been upgraded to a later upstream version: mariadb (10.3.35), galera (25.3.35).\n\nSecurity Fix(es):\n\n* mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669)\n* mysql: Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427)\n* mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer (CVE-2022-24048)\n* mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050)\n* mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)\n* mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)\n* mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n* mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n* mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n* mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n* mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n* mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n* mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n* mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n* mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n* mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n* mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n* mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447)\n* mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n* mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n* mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n* mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n* mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27458)\n* mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622)\n* mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31623)\n* mariadb: server crash at Item_subselect::init_expr_cache_tracker (CVE-2022-32083)\n* mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor (CVE-2022-32085)\n* mariadb: server crash in Item_args::walk_args (CVE-2022-32087)\n* mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort (CVE-2022-32088)\n* mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n* mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661)\n* mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663)\n* mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)\n* mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665)\n* mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [Tracker] Rebase to Galera 25.3.35 for MariaDB-10.3 (BZ#2107075)",
"id": "ALSA-2022:6443",
"modified": "2022-10-14T07:41:44Z",
"published": "2022-09-13T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:6443"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46659"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46661"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46663"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46664"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46665"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46668"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46669"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21427"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24048"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24050"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24051"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24052"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27376"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27377"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27378"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27379"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27380"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27381"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27383"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27384"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27386"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27387"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27445"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27447"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27448"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27449"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27452"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27456"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27458"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-31622"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-31623"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-32083"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-32085"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-32087"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-32088"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2049302"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050017"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050022"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050024"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050026"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050032"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2050034"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2068211"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2068233"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2068234"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2069833"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074817"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074947"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074949"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074951"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074966"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074981"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074996"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2074999"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075005"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075691"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075693"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075694"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075695"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075697"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075700"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2076145"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2082644"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2092354"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2092360"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2104425"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2104431"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2104434"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2106008"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-6443.html"
}
],
"related": [
"CVE-2021-46669",
"CVE-2022-21427",
"CVE-2022-24048",
"CVE-2022-24050",
"CVE-2022-24051",
"CVE-2022-24052",
"CVE-2022-27376",
"CVE-2022-27377",
"CVE-2022-27378",
"CVE-2022-27379",
"CVE-2022-27380",
"CVE-2022-27381",
"CVE-2022-27383",
"CVE-2022-27384",
"CVE-2022-27386",
"CVE-2022-27387",
"CVE-2022-27445",
"CVE-2022-27447",
"CVE-2022-27448",
"CVE-2022-27449",
"CVE-2022-27452",
"CVE-2022-27456",
"CVE-2022-27458",
"CVE-2022-31622",
"CVE-2022-31623",
"CVE-2022-32083",
"CVE-2022-32085",
"CVE-2022-32087",
"CVE-2022-32088",
"CVE-2021-46659",
"CVE-2021-46661",
"CVE-2021-46663",
"CVE-2021-46664",
"CVE-2021-46665",
"CVE-2021-46668"
],
"summary": "Moderate: mariadb:10.3 security and bug fix update"
}
BDU:2022-03791
Vulnerability from fstec - Published: 09.11.2021
VLAI Severity ?
Title
Уязвимость метода create_worker_threads системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость метода create_worker_threads (extra/mariabackup/ds_compress.cc) системы управления базами данных MariaDB существует из-за некорректной зачистки или освобождения ресурсов. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании
Severity ?
Vendor
MariaDB Foundation, АО «ИВК», АО «НТЦ ИТ РОСА»
Software Name
MariaDB, Альт 8 СП (запись в едином реестре российских программ №4305), РОСА ХРОМ (запись в едином реестре российских программ №1607)
Software Version
от 10.2.0 до 10.2.42 (MariaDB), от 10.3.0 до 10.3.33 (MariaDB), от 10.4.0 до 10.4.23 (MariaDB), от 10.5.0 до 10.5.14 (MariaDB), от 10.6.0 до 10.6.6 (MariaDB), от 10.7.0 до 10.7.2 (MariaDB), - (Альт 8 СП), 12.4 (РОСА ХРОМ)
Possible Mitigations
Обновление системы управления базами данных MariaDB до более новой версии.
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Для операционной системы РОСА ХРОМ: https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2254
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-31622
https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2
https://jira.mariadb.org/browse/MDEV-26561?filter=-2
https://altsp.su/obnovleniya-bezopasnosti/
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2254
CWE
CWE-404
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "MariaDB Foundation, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 10.2.0 \u0434\u043e 10.2.42 (MariaDB), \u043e\u0442 10.3.0 \u0434\u043e 10.3.33 (MariaDB), \u043e\u0442 10.4.0 \u0434\u043e 10.4.23 (MariaDB), \u043e\u0442 10.5.0 \u0434\u043e 10.5.14 (MariaDB), \u043e\u0442 10.6.0 \u0434\u043e 10.6.6 (MariaDB), \u043e\u0442 10.7.0 \u0434\u043e 10.7.2 (MariaDB), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 MariaDB \u0434\u043e \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438.\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c: https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2254",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.11.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "09.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.06.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-03791",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-31622",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "MariaDB, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0442\u043e\u0434\u0430 create_worker_threads \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 MariaDB, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0430\u044f \u0437\u0430\u0447\u0438\u0441\u0442\u043a\u0430 \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 (CWE-404)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0442\u043e\u0434\u0430 create_worker_threads (extra/mariabackup/ds_compress.cc) \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 MariaDB \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0437\u0430\u0447\u0438\u0441\u0442\u043a\u0438 \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2022-31622\nhttps://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2 \nhttps://jira.mariadb.org/browse/MDEV-26561?filter=-2\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2254",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0423\u0411\u0414, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-404",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 1,7)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,3)"
}
bit-mariadb-2022-31622
Vulnerability from bitnami_vulndb
Published
2024-03-06 10:58
Modified
2025-04-03 14:40
Summary
Details
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "mariadb",
"purl": "pkg:bitnami/mariadb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.2.42"
},
{
"introduced": "10.3.0"
},
{
"fixed": "10.3.33"
},
{
"introduced": "10.4.0"
},
{
"fixed": "10.4.23"
},
{
"introduced": "10.5.0"
},
{
"fixed": "10.5.14"
},
{
"introduced": "10.6.0"
},
{
"fixed": "10.6.6"
},
{
"introduced": "10.7.0"
},
{
"fixed": "10.7.2"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2022-31622"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*"
],
"severity": "Medium"
},
"details": "MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.",
"id": "BIT-mariadb-2022-31622",
"modified": "2025-04-03T14:40:37.652Z",
"published": "2024-03-06T10:58:01.573Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2"
},
{
"type": "WEB",
"url": "https://jira.mariadb.org/browse/MDEV-26561?filter=-2"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220707-0006/"
},
{
"type": "WEB",
"url": "https://jira.mariadb.org/browse/MDEV-26561"
},
{
"type": "WEB",
"url": "https://jira.mariadb.org/browse/MDEV-26574"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31622"
}
],
"schema_version": "1.5.0"
}
CNVD-2022-65343
Vulnerability from cnvd - Published: 2022-09-23
VLAI Severity ?
Title
MariaDB Server拒绝服务漏洞(CNVD-2022-65343)
Description
MariaDB是Mariadb基金会的一套数据库管理系统,也是一个采用Maria存储引擎的MySQL分支版本。
MariaDB Server 10.7之前的版本存在拒绝服务漏洞,该漏洞源于在extra/mariabackup/ds_compress.cc中,当执行create_worker_threads方法时发生错误,攻击者可利用该漏洞导致本地用户因死锁而触发拒绝服务。
Severity
低
Patch Name
MariaDB Server拒绝服务漏洞(CNVD-2022-65343)的补丁
Patch Description
MariaDB是Mariadb基金会的一套数据库管理系统,也是一个采用Maria存储引擎的MySQL分支版本。
MariaDB Server 10.7之前的版本存在安全漏洞,该漏洞源于在extra/mariabackup/ds_compress.cc中,当执行create_worker_threads方法时发生错误,攻击者可利用该漏洞导致本地用户因死锁而触发拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://jira.mariadb.org/browse/MDEV-26561?filter=-2
Reference
https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2
Impacted products
| Name | MariaDB MariaDB Server <10.7 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2022-31622",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-31622"
}
},
"description": "MariaDB\u662fMariadb\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u4e5f\u662f\u4e00\u4e2a\u91c7\u7528Maria\u5b58\u50a8\u5f15\u64ce\u7684MySQL\u5206\u652f\u7248\u672c\u3002\n\nMariaDB Server 10.7\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728extra/mariabackup/ds_compress.cc\u4e2d\uff0c\u5f53\u6267\u884ccreate_worker_threads\u65b9\u6cd5\u65f6\u53d1\u751f\u9519\u8bef\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672c\u5730\u7528\u6237\u56e0\u6b7b\u9501\u800c\u89e6\u53d1\u62d2\u7edd\u670d\u52a1\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://jira.mariadb.org/browse/MDEV-26561?filter=-2",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-65343",
"openTime": "2022-09-23",
"patchDescription": "MariaDB\u662fMariadb\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u4e5f\u662f\u4e00\u4e2a\u91c7\u7528Maria\u5b58\u50a8\u5f15\u64ce\u7684MySQL\u5206\u652f\u7248\u672c\u3002\r\n\r\nMariaDB Server 10.7\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728extra/mariabackup/ds_compress.cc\u4e2d\uff0c\u5f53\u6267\u884ccreate_worker_threads\u65b9\u6cd5\u65f6\u53d1\u751f\u9519\u8bef\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672c\u5730\u7528\u6237\u56e0\u6b7b\u9501\u800c\u89e6\u53d1\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "MariaDB Server\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2022-65343\uff09\u7684\u8865\u4e01",
"products": {
"product": "MariaDB MariaDB Server \u003c10.7"
},
"referenceLink": "https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2",
"serverity": "\u4f4e",
"submitTime": "2022-05-26",
"title": "MariaDB Server\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2022-65343\uff09"
}
FKIE_CVE-2022-31622
Vulnerability from fkie_nvd - Published: 2022-05-25 21:15 - Updated: 2024-11-21 07:04
Severity ?
Summary
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2 | Patch, Third Party Advisory | |
| cve@mitre.org | https://jira.mariadb.org/browse/MDEV-26561 | ||
| cve@mitre.org | https://jira.mariadb.org/browse/MDEV-26561?filter=-2 | Issue Tracking, Permissions Required, Third Party Advisory | |
| cve@mitre.org | https://jira.mariadb.org/browse/MDEV-26574 | ||
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20220707-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jira.mariadb.org/browse/MDEV-26561 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://jira.mariadb.org/browse/MDEV-26561?filter=-2 | Issue Tracking, Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jira.mariadb.org/browse/MDEV-26574 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220707-0006/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9ABE9C-698E-4289-9C3B-F4FBA550582D",
"versionEndExcluding": "10.2.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8EB13E9-AFD7-4E82-A471-61201460CAC4",
"versionEndExcluding": "10.3.33",
"versionStartIncluding": "10.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EFE42EF-DB07-4DD4-A40C-6DD6A7D1E6DC",
"versionEndExcluding": "10.4.23",
"versionStartIncluding": "10.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3C63CE6-6B86-4C48-8D30-DC74CA83C5EC",
"versionEndExcluding": "10.5.14",
"versionStartIncluding": "10.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09ADA35C-125F-4970-ACB7-36A9CC3516BF",
"versionEndExcluding": "10.6.6",
"versionStartIncluding": "10.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0435104-B0F9-4997-A769-36821689DF45",
"versionEndExcluding": "10.7.2",
"versionStartIncluding": "10.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects."
},
{
"lang": "es",
"value": "MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegaci\u00f3n de servicio. En el archivo extra/mariabackup/ds_compress.cc, cuando es producido un error (pthread_create devuelve un valor distinto de cero) mientras es ejecutado el m\u00e9todo create_worker_threads, el bloqueo retenido no es liberado correctamente, lo que permite a usuarios locales desencadenar una denegaci\u00f3n de servicio debido al bloqueo"
}
],
"id": "CVE-2022-31622",
"lastModified": "2024-11-21T07:04:52.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-25T21:15:08.617",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2"
},
{
"source": "cve@mitre.org",
"url": "https://jira.mariadb.org/browse/MDEV-26561"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://jira.mariadb.org/browse/MDEV-26561?filter=-2"
},
{
"source": "cve@mitre.org",
"url": "https://jira.mariadb.org/browse/MDEV-26574"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220707-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://jira.mariadb.org/browse/MDEV-26561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://jira.mariadb.org/browse/MDEV-26561?filter=-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://jira.mariadb.org/browse/MDEV-26574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220707-0006/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-667"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-P293-2W9F-JRWC
Vulnerability from github – Published: 2022-05-26 00:01 – Updated: 2024-05-03 00:30
VLAI?
Details
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2022-31622"
],
"database_specific": {
"cwe_ids": [
"CWE-404",
"CWE-667"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-25T21:15:00Z",
"severity": "MODERATE"
},
"details": "MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.",
"id": "GHSA-p293-2w9f-jrwc",
"modified": "2024-05-03T00:30:43Z",
"published": "2022-05-26T00:01:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31622"
},
{
"type": "WEB",
"url": "https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2"
},
{
"type": "WEB",
"url": "https://jira.mariadb.org/browse/MDEV-26561"
},
{
"type": "WEB",
"url": "https://jira.mariadb.org/browse/MDEV-26561?filter=-2"
},
{
"type": "WEB",
"url": "https://jira.mariadb.org/browse/MDEV-26574"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220707-0006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2022-31622
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-31622",
"description": "MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.",
"id": "GSD-2022-31622",
"references": [
"https://www.suse.com/security/cve/CVE-2022-31622.html",
"https://access.redhat.com/errata/RHSA-2022:5759",
"https://access.redhat.com/errata/RHSA-2022:5826",
"https://access.redhat.com/errata/RHSA-2022:5948",
"https://access.redhat.com/errata/RHSA-2022:6306",
"https://access.redhat.com/errata/RHSA-2022:6443"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-31622"
],
"details": "MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.",
"id": "GSD-2022-31622",
"modified": "2023-12-13T01:19:18.230340Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.mariadb.org/browse/MDEV-26561?filter=-2",
"refsource": "MISC",
"url": "https://jira.mariadb.org/browse/MDEV-26561?filter=-2"
},
{
"name": "https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2",
"refsource": "MISC",
"url": "https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220707-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220707-0006/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.3.33",
"versionStartIncluding": "10.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.4.23",
"versionStartIncluding": "10.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.5.14",
"versionStartIncluding": "10.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.7.2",
"versionStartIncluding": "10.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.6.6",
"versionStartIncluding": "10.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.2.42",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31622"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.mariadb.org/browse/MDEV-26561?filter=-2",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://jira.mariadb.org/browse/MDEV-26561?filter=-2"
},
{
"name": "https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220707-0006/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220707-0006/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-11-05T02:01Z",
"publishedDate": "2022-05-25T21:15Z"
}
}
}
MSRC_CVE-2022-31622
Vulnerability from csaf_microsoft - Published: 2022-05-02 00:00 - Updated: 2022-05-28 00:00Summary
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads the held lock is not released correctly which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
5.5 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 18704-16820 | — | ||
| Unresolved product id: 18640-17086 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2022/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2022/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2022-31622 MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads the held lock is not released correctly which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-31622.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads the held lock is not released correctly which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.",
"tracking": {
"current_release_date": "2022-05-28T00:00:00.000Z",
"generator": {
"date": "2025-10-19T23:32:50.750Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2022-31622",
"initial_release_date": "2022-05-02T00:00:00.000Z",
"revision_history": [
{
"date": "2022-05-28T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 mariadb 10.3.35-1",
"product": {
"name": "\u003ccm1 mariadb 10.3.35-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cm1 mariadb 10.3.35-1",
"product": {
"name": "cm1 mariadb 10.3.35-1",
"product_id": "18704"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 mariadb 10.6.9-1",
"product": {
"name": "\u003ccbl2 mariadb 10.6.9-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 mariadb 10.6.9-1",
"product": {
"name": "cbl2 mariadb 10.6.9-1",
"product_id": "18640"
}
}
],
"category": "product_name",
"name": "mariadb"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 mariadb 10.3.35-1 as a component of CBL Mariner 1.0",
"product_id": "16820-1"
},
"product_reference": "1",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 mariadb 10.3.35-1 as a component of CBL Mariner 1.0",
"product_id": "18704-16820"
},
"product_reference": "18704",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 mariadb 10.6.9-1 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 mariadb 10.6.9-1 as a component of CBL Mariner 2.0",
"product_id": "18640-17086"
},
"product_reference": "18640",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-31622",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"18704-16820",
"18640-17086"
],
"known_affected": [
"16820-1",
"17086-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-31622 MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads the held lock is not released correctly which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-31622.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-28T00:00:00.000Z",
"details": "10.3.35-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2022-05-28T00:00:00.000Z",
"details": "10.6.9-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"16820-1",
"17086-2"
]
}
],
"title": "MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads the held lock is not released correctly which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects."
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…