CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-27378 – mariadb: server crash in create_tmp_table::finalize
https://notcve.org/view.php?id=CVE-2022-27378
12 Apr 2022 — An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Se ha detectado un problema en el componente Create_tmp_table::finalize de MariaDB Server versiones v10.7 y anteriores, que permite a atacantes causar una denegación de servicio (DoS) por medio de sentencias SQL especialmente diseñadas A flaw was found in MariaDB. The component, Create_tmp_table::finalize, allows att... • https://jira.mariadb.org/browse/MDEV-26423 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-27377 – mariadb: use-after-poison when complex conversion is involved in blob
https://notcve.org/view.php?id=CVE-2022-27377
12 Apr 2022 — MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. Se ha detectado que MariaDB Server versiones v10.6.3 y anteriores, contienen un uso de memoria previamente liberada en el componente Item_func_in::cleanup(), que es explotada por medio de sentencias SQL especialmente diseñadas A flaw was found in the MariaDB Server, where it contains a use-after-free in the component, Item_func_in::cl... • https://jira.mariadb.org/browse/MDEV-26281 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 4%CPEs: 32EXPL: 8CVE-2022-0778 – Infinite loop in BN_mod_sqrt() reachable when parsing certificates
https://notcve.org/view.php?id=CVE-2022-0778
15 Mar 2022 — The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of ... • https://packetstorm.news/files/id/167344 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-24052 – MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-24052
16 Feb 2022 — MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-24048 – MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-24048
16 Feb 2022 — MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-24051 – MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-24051
16 Feb 2022 — MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-24050 – MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-24050
16 Feb 2022 — MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD • CWE-416: Use After Free CWE-1173: Improper Use of Validation Framework •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46661 – mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)
https://notcve.org/view.php?id=CVE-2021-46661
01 Feb 2022 — MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). MariaDB versiones hasta 10.5.9, permite un bloqueo de aplicación en las funciones find_field_in_tables y find_order_in_list por medio de una expresión de tabla común (CTE) no usada MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after-fre... • https://jira.mariadb.org/browse/MDEV-25766 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46664 – mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr
https://notcve.org/view.php?id=CVE-2021-46664
01 Feb 2022 — MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. MariaDB versiones hasta 10.5.9, permite un bloqueo de aplicación en la función sub_select_postjoin_aggr por un valor NULL de aggr MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities. • https://jira.mariadb.org/browse/MDEV-25761 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46665 – mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations
https://notcve.org/view.php?id=CVE-2021-46665
01 Feb 2022 — MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. MariaDB versiones hasta 10.5.9, permite un bloqueo de la aplicación sql_parse.cc debido a expectativas incorrectas de used_tables Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.34 in Ubuntu 20.04 LTS and to 10.5.15 in Ubuntu 21.10. In addition to security fixes, the updated packages conta... • https://jira.mariadb.org/browse/MDEV-25636 • CWE-20: Improper Input Validation •