CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2022-32082 – mariadb: assertion failure at table->get_ref_count() == 0 in dict0dict.cc
https://notcve.org/view.php?id=CVE-2022-32082
MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. Se ha detectado que MariaDB v10.5 a v10.7, contiene un fallo de aserción en la función table-)get_ref_count() == 0 en el archivo dict0dict.cc • https://jira.mariadb.org/browse/MDEV-26433 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCOEGSVMIEXDZHBOSV6WVF7FAVRBR2JE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVAONAZXJFGHAJ4RP2OF3EAMQCOTDSQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHISY4YVO4S5QJYYIXCIAXBM7INOL4VY https://security.netapp.com/advisory/ntap-20220818-0005 https://access.redhat.com/security/cve/CVE-2022-32082 https://b • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2022-32084 – mariadb: segmentation fault via the component sub_select
https://notcve.org/view.php?id=CVE-2022-32084
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. Se ha detectado que MariaDB versiones v10.2 a v10.7, contiene un fallo de segmentación por medio del componente sub_select • https://jira.mariadb.org/browse/MDEV-26427 https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCOEGSVMIEXDZHBOSV6WVF7FAVRBR2JE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVAONAZXJFGHAJ4RP2OF3EAMQCOTDSQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHISY4YVO4S5QJYYIXCIAXBM7INOL4VY https://security.netapp.com/advisory/ntap-20220818-0005 h • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-32089 – mariadb: server crash in st_select_lex_unit::exclude_level
https://notcve.org/view.php?id=CVE-2022-32089
MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. Se ha detectado que MariaDB versiones v10.5 a v10.7, contiene un fallo de segmentación por medio del componente st_select_lex_unit::exclude_level • https://jira.mariadb.org/browse/MDEV-26410 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCOEGSVMIEXDZHBOSV6WVF7FAVRBR2JE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVAONAZXJFGHAJ4RP2OF3EAMQCOTDSQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHISY4YVO4S5QJYYIXCIAXBM7INOL4VY https://security.netapp.com/advisory/ntap-20220818-0005 https://access.redhat.com/security/cve/CVE-2022-32089 https://b • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2022-32091 – mariadb: server crash in JOIN_CACHE::free or in copy_fields
https://notcve.org/view.php?id=CVE-2022-32091
MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. Se ha detectado que MariaDB v10.7, contiene un error de uso en la función __interceptor_memset en el archivo /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc • https://jira.mariadb.org/browse/MDEV-26431 https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCOEGSVMIEXDZHBOSV6WVF7FAVRBR2JE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVAONAZXJFGHAJ4RP2OF3EAMQCOTDSQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHISY4YVO4S5QJYYIXCIAXBM7INOL4VY https://security.netapp.com/advisory/ntap-20220818-0005 h • CWE-229: Improper Handling of Values CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31622 – mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
https://notcve.org/view.php?id=CVE-2022-31622
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación de servicio. En el archivo extra/mariabackup/ds_compress.cc, cuando es producido un error (pthread_create devuelve un valor distinto de cero) mientras es ejecutado el método create_worker_threads, el bloqueo retenido no es liberado correctamente, lo que permite a usuarios locales desencadenar una denegación de servicio debido al bloqueo • https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2 https://jira.mariadb.org/browse/MDEV-26561 https://jira.mariadb.org/browse/MDEV-26561?filter=-2 https://jira.mariadb.org/browse/MDEV-26574 https://security.netapp.com/advisory/ntap-20220707-0006 https://access.redhat.com/security/cve/CVE-2022-31622 https://bugzilla.redhat.com/show_bug.cgi?id=2092354 • CWE-404: Improper Resource Shutdown or Release CWE-667: Improper Locking •