Page 5 of 138 results (0.023 seconds)

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1

An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Se ha detectado un problema en el componente Create_tmp_table::finalize de MariaDB Server versiones v10.7 y anteriores, que permite a atacantes causar una denegación de servicio (DoS) por medio de sentencias SQL especialmente diseñadas A flaw was found in MariaDB. The component, Create_tmp_table::finalize, allows attackers to cause a denial of service (DoS) via specially crafted SQL statements, affecting availability. • https://jira.mariadb.org/browse/MDEV-26423 https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html https://security.netapp.com/advisory/ntap-20220526-0004 https://access.redhat.com/security/cve/CVE-2022-27378 https://bugzilla.redhat.com/show_bug.cgi?id=2074949 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. Se ha detectado que MariaDB Server versiones v10.6.3 y anteriores, contienen un uso de memoria previamente liberada en el componente Item_func_in::cleanup(), que es explotada por medio de sentencias SQL especialmente diseñadas A flaw was found in the MariaDB Server, where it contains a use-after-free in the component, Item_func_in::cleanup(). This issue is exploited via specially crafted SQL statements, affecting availability. • https://jira.mariadb.org/browse/MDEV-26281 https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html https://security.netapp.com/advisory/ntap-20220526-0007 https://access.redhat.com/security/cve/CVE-2022-27377 https://bugzilla.redhat.com/show_bug.cgi?id=2074947 • CWE-416: Use After Free •

CVSS: 7.5EPSS: 1%CPEs: 32EXPL: 4

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. • https://github.com/drago-96/CVE-2022-0778 https://github.com/jkakavas/CVE-2022-0778-POC https://github.com/0xUhaw/CVE-2022-0778 https://github.com/jeongjunsoo/CVE-2022-0778 http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/38 https://cert-portal.siemens.com/productcert/pdf/ssa-712 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220318-0004 https://www.zerodayinitiative.com/advisories/ZDI-22-363 https://access.redh • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220318-0004 https://www.zerodayinitiative.com/advisories/ZDI-22-318 https://access.redh • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-134: Use of Externally-Controlled Format String •