CVE-2023-5157 – Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6
https://notcve.org/view.php?id=CVE-2023-5157
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. Se encontró una vulnerabilidad en MariaDB. Un escaneo de puertos OpenVAS en los puertos 3306 y 4567 permite que un cliente remoto malicioso provoque una denegación de servicio. • https://access.redhat.com/errata/RHSA-2023:5683 https://access.redhat.com/errata/RHSA-2023:5684 https://access.redhat.com/errata/RHSA-2023:6821 https://access.redhat.com/errata/RHSA-2023:6822 https://access.redhat.com/errata/RHSA-2023:6883 https://access.redhat.com/errata/RHSA-2023:7633 https://access.redhat.com/security/cve/CVE-2023-5157 https://bugzilla.redhat.com/show_bug.cgi?id=2240246 • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-47015 – mariadb: NULL pointer dereference in spider_db_mbase::print_warnings()
https://notcve.org/view.php?id=CVE-2022-47015
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. MariaDB Server anterior a 10.3.34 hasta 10.9.3 es vulnerable a la denegación de servicio. Es posible que la función spider_db_mbase::print_warnings elimine la referencia a un puntero null. • https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954 https://lists.debian.org/debian-lts-announce/2023/06/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O22PO3Q6TRSNJI2A2WTJH3VVCHEKBF6C https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUQ33SPQCZQD63TWAM3XKFNVNFRGPFYU https://security.netapp.com/advisory/ntap-20230309-0009 https://access.redhat.com/security/cve/CVE-2022-47015 https://bugzilla.redhat.com/ • CWE-476: NULL Pointer Dereference •
CVE-2022-21595 – mysql: C API unspecified vulnerability (CPU Oct 2022)
https://notcve.org/view.php?id=CVE-2022-21595
Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). • https://security.netapp.com/advisory/ntap-20221028-0013 https://www.oracle.com/security-alerts/cpuoct2022.html https://access.redhat.com/security/cve/CVE-2022-21595 https://bugzilla.redhat.com/show_bug.cgi?id=2142862 •
CVE-2022-38791 – mariadb: compress_write() fails to release mutex on failure
https://notcve.org/view.php?id=CVE-2022-38791
In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. En MariaDB versiones anteriores a 10.9.2, la función compress_write en el archivo extra/mariabackup/ds_compress.cc no libera data_mutex tras un fallo de escritura en el flujo, lo que permite a usuarios locales desencadenar un bloqueo. • https://jira.mariadb.org/browse/MDEV-28719 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCOEGSVMIEXDZHBOSV6WVF7FAVRBR2JE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVAONAZXJFGHAJ4RP2OF3EAMQCOTDSQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHISY4YVO4S5QJYYIXCIAXBM7INOL4VY https://security.netapp.com/advisory/ntap-20221104-0008 https://access.redhat.com/security/cve/CVE-2022-38791 https://b • CWE-667: Improper Locking •
CVE-2022-32088 – mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort
https://notcve.org/view.php?id=CVE-2022-32088
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. Se ha detectado que MariaDB versiones v10.2 a v10.7, contiene un fallo de segmentación por el componente Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort • https://jira.mariadb.org/browse/MDEV-26419 https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html https://security.netapp.com/advisory/ntap-20220818-0005 https://access.redhat.com/security/cve/CVE-2022-32088 https://bugzilla.redhat.com/show_bug.cgi?id=2106008 • CWE-229: Improper Handling of Values •