CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2022-32084 – mariadb: segmentation fault via the component sub_select
https://notcve.org/view.php?id=CVE-2022-32084
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. Se ha detectado que MariaDB versiones v10.2 a v10.7, contiene un fallo de segmentación por medio del componente sub_select • https://jira.mariadb.org/browse/MDEV-26427 https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCOEGSVMIEXDZHBOSV6WVF7FAVRBR2JE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVAONAZXJFGHAJ4RP2OF3EAMQCOTDSQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHISY4YVO4S5QJYYIXCIAXBM7INOL4VY https://security.netapp.com/advisory/ntap-20220818-0005 h • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-32089 – mariadb: server crash in st_select_lex_unit::exclude_level
https://notcve.org/view.php?id=CVE-2022-32089
MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. Se ha detectado que MariaDB versiones v10.5 a v10.7, contiene un fallo de segmentación por medio del componente st_select_lex_unit::exclude_level • https://jira.mariadb.org/browse/MDEV-26410 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCOEGSVMIEXDZHBOSV6WVF7FAVRBR2JE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVAONAZXJFGHAJ4RP2OF3EAMQCOTDSQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHISY4YVO4S5QJYYIXCIAXBM7INOL4VY https://security.netapp.com/advisory/ntap-20220818-0005 https://access.redhat.com/security/cve/CVE-2022-32089 https://b • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2022-32091 – mariadb: server crash in JOIN_CACHE::free or in copy_fields
https://notcve.org/view.php?id=CVE-2022-32091
MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. Se ha detectado que MariaDB v10.7, contiene un error de uso en la función __interceptor_memset en el archivo /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc • https://jira.mariadb.org/browse/MDEV-26431 https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCOEGSVMIEXDZHBOSV6WVF7FAVRBR2JE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVAONAZXJFGHAJ4RP2OF3EAMQCOTDSQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHISY4YVO4S5QJYYIXCIAXBM7INOL4VY https://security.netapp.com/advisory/ntap-20220818-0005 h • CWE-229: Improper Handling of Values CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31624 – mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c
https://notcve.org/view.php?id=CVE-2022-31624
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación de servicio. Mientras es ejecutado el método log_statement_ex del archivo plugin/server_audit/server_audit.c, el bloqueo mantenido lock_bigbuffer no es liberado correctamente, lo que permite a usuarios locales desencadenar una denegación de servicio debido al bloqueo • https://github.com/MariaDB/server/commit/d627d00b13ab2f2c0954ea7b77202470cb102944 https://jira.mariadb.org/browse/MDEV-26556?filter=-2 https://security.netapp.com/advisory/ntap-20220707-0006 https://access.redhat.com/security/cve/CVE-2022-31624 https://bugzilla.redhat.com/show_bug.cgi?id=2092362 • CWE-404: Improper Resource Shutdown or Release CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31621 – mariadb: improper locking due to unreleased lock in the ds_xbstream.cc
https://notcve.org/view.php?id=CVE-2022-31621
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación de servicio. En el archivo xtra/mariabackup/ds_xbstream.cc, cuando es producido un error (stream_ctxt-)dest_file == NULL) mientras es ejecutado el método xbstream_open, el bloqueo mantenido no es liberado correctamente, lo que permite a usuarios locales desencadenar una denegación de servicio debido al bloqueo • https://github.com/MariaDB/server/commit/b1351c15946349f9daa7e5297fb2ac6f3139e4a8 https://jira.mariadb.org/browse/MDEV-26561 https://jira.mariadb.org/browse/MDEV-26574 https://jira.mariadb.org/browse/MDEV-26574?filter=-2 https://security.netapp.com/advisory/ntap-20220707-0006 https://access.redhat.com/security/cve/CVE-2022-31621 https://bugzilla.redhat.com/show_bug.cgi?id=2092353 • CWE-667: Improper Locking •