CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-27447 – mariadb: use-after-poison in Binary_string::free_buffer
https://notcve.org/view.php?id=CVE-2022-27447
MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. Se ha detectado que MariaDB Server versiones v10.9 y anteriores, contienen un uso de memoria previamente liberada por medio del componente Binary_string::free_buffer() en el archivo /sql/sql_string.h A flaw was found in the MariaDB Server. It contains a use-after-free via the component,Binary_string::free_buffer() at /sql/sql_string.h, affecting availability. • https://jira.mariadb.org/browse/MDEV-28099 https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html https://security.netapp.com/advisory/ntap-20220526-0006 https://access.redhat.com/security/cve/CVE-2022-27447 https://bugzilla.redhat.com/show_bug.cgi?id=2075693 • CWE-416: Use After Free CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-27445 – mariadb: assertion failure in compare_order_elements
https://notcve.org/view.php?id=CVE-2022-27445
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. Se ha detectado que MariaDB Server versiones v10.9 y anteriores, contienen un fallo de segmentación por medio del componente sql/sql_window.cc A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/sql_window.cc, impacting availability. • https://jira.mariadb.org/browse/MDEV-28081 https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html https://security.netapp.com/advisory/ntap-20220526-0006 https://access.redhat.com/security/cve/CVE-2022-27445 https://bugzilla.redhat.com/show_bug.cgi?id=2075691 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-27386 – mariadb: server crashes in query_arena::set_query_arena upon SELECT from view
https://notcve.org/view.php?id=CVE-2022-27386
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. Se ha detectado que MariaDB Server versiones v10.7 y anteriores, contienen un fallo de segmentación por medio del componente sql/sql_class.cc A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/sql_class.cc, impacting availability. • https://jira.mariadb.org/browse/MDEV-26406 https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html https://security.netapp.com/advisory/ntap-20220526-0004 https://access.redhat.com/security/cve/CVE-2022-27386 https://bugzilla.redhat.com/show_bug.cgi?id=2075005 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-27387 – mariadb: assertion failures in decimal_bin_size
https://notcve.org/view.php?id=CVE-2022-27387
MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. Se ha detectado que MariaDB Server versiones v10.7 y anteriores, contienen un desbordamiento de búfer global en el componente decimal_bin_size, que es explotada por medio de sentencias SQL especialmente diseñadas A flaw was found in the MariaDB Server. It contains a global buffer overflow in the component, decimal_bin_size, which is exploited via specially crafted SQL statements, impacting availability. • https://jira.mariadb.org/browse/MDEV-26422 https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html https://security.netapp.com/advisory/ntap-20220526-0004 https://access.redhat.com/security/cve/CVE-2022-27387 https://bugzilla.redhat.com/show_bug.cgi?id=2075006 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-27385 – mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join
https://notcve.org/view.php?id=CVE-2022-27385
An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Se ha detectado un problema en el componente Used_tables_and_const_cache::used_tables_and_const_cache_join de MariaDB Server versiones v10.7 y anteriores, permite a atacantes causar una denegación de servicio (DoS) por medio de sentencias SQL especialmente diseñadas A flaw was found in MariaDB. An issue in the component, Used_tables_and_const_cache::used_tables_and_const_cache_join, of the MariaDB Server v10.7 allows attackers to cause a denial of service (DoS) via specially crafted SQL statements, impacting availability. • https://jira.mariadb.org/browse/MDEV-26415 https://security.netapp.com/advisory/ntap-20220526-0008 https://access.redhat.com/security/cve/CVE-2022-27385 https://bugzilla.redhat.com/show_bug.cgi?id=2075001 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •