CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2023-5157 – Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6
https://notcve.org/view.php?id=CVE-2023-5157
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. Se encontró una vulnerabilidad en MariaDB. Un escaneo de puertos OpenVAS en los puertos 3306 y 4567 permite que un cliente remoto malicioso provoque una denegación de servicio. • https://access.redhat.com/errata/RHSA-2023:5683 https://access.redhat.com/errata/RHSA-2023:5684 https://access.redhat.com/errata/RHSA-2023:6821 https://access.redhat.com/errata/RHSA-2023:6822 https://access.redhat.com/errata/RHSA-2023:6883 https://access.redhat.com/errata/RHSA-2023:7633 https://access.redhat.com/security/cve/CVE-2023-5157 https://bugzilla.redhat.com/show_bug.cgi?id=2240246 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31624 – mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c
https://notcve.org/view.php?id=CVE-2022-31624
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación de servicio. Mientras es ejecutado el método log_statement_ex del archivo plugin/server_audit/server_audit.c, el bloqueo mantenido lock_bigbuffer no es liberado correctamente, lo que permite a usuarios locales desencadenar una denegación de servicio debido al bloqueo • https://github.com/MariaDB/server/commit/d627d00b13ab2f2c0954ea7b77202470cb102944 https://jira.mariadb.org/browse/MDEV-26556?filter=-2 https://security.netapp.com/advisory/ntap-20220707-0006 https://access.redhat.com/security/cve/CVE-2022-31624 https://bugzilla.redhat.com/show_bug.cgi?id=2092362 • CWE-404: Improper Resource Shutdown or Release CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31621 – mariadb: improper locking due to unreleased lock in the ds_xbstream.cc
https://notcve.org/view.php?id=CVE-2022-31621
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación de servicio. En el archivo xtra/mariabackup/ds_xbstream.cc, cuando es producido un error (stream_ctxt-)dest_file == NULL) mientras es ejecutado el método xbstream_open, el bloqueo mantenido no es liberado correctamente, lo que permite a usuarios locales desencadenar una denegación de servicio debido al bloqueo • https://github.com/MariaDB/server/commit/b1351c15946349f9daa7e5297fb2ac6f3139e4a8 https://jira.mariadb.org/browse/MDEV-26561 https://jira.mariadb.org/browse/MDEV-26574 https://jira.mariadb.org/browse/MDEV-26574?filter=-2 https://security.netapp.com/advisory/ntap-20220707-0006 https://access.redhat.com/security/cve/CVE-2022-31621 https://bugzilla.redhat.com/show_bug.cgi?id=2092353 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31622 – mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
https://notcve.org/view.php?id=CVE-2022-31622
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación de servicio. En el archivo extra/mariabackup/ds_compress.cc, cuando es producido un error (pthread_create devuelve un valor distinto de cero) mientras es ejecutado el método create_worker_threads, el bloqueo retenido no es liberado correctamente, lo que permite a usuarios locales desencadenar una denegación de servicio debido al bloqueo • https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2 https://jira.mariadb.org/browse/MDEV-26561 https://jira.mariadb.org/browse/MDEV-26561?filter=-2 https://jira.mariadb.org/browse/MDEV-26574 https://security.netapp.com/advisory/ntap-20220707-0006 https://access.redhat.com/security/cve/CVE-2022-31622 https://bugzilla.redhat.com/show_bug.cgi?id=2092354 • CWE-404: Improper Resource Shutdown or Release CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31623 – mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
https://notcve.org/view.php?id=CVE-2022-31623
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación de servicio. En el archivo extra/mariabackup/ds_compress.cc, cuando es producido un error (es decir, pasa a la etiqueta err) mientras es ejecutado el método create_worker_threads, el bloqueo retenido thd-)ctrl_mutex no es liberado correctamente, lo que permite a usuarios locales desencadenar una denegación de servicio debido al bloqueo • https://github.com/MariaDB/server/commit/7c30bc38a588b22b01f11130cfe99e7f36accf94 https://github.com/MariaDB/server/pull/1938 https://jira.mariadb.org/browse/MDEV-26561 https://jira.mariadb.org/browse/MDEV-26574 https://security.netapp.com/advisory/ntap-20220707-0006 https://access.redhat.com/security/cve/CVE-2022-31623 https://bugzilla.redhat.com/show_bug.cgi?id=2092360 • CWE-667: Improper Locking •