// For flags

CVE-2021-27928

MariaDB 10.2 - 'wsrep_provider' OS Command Execution

Severity Score

7.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

6
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.

Se detectó un problema de ejecución de código remota en MariaDB versiones 10.2 anteriores a 10.2.37, versiones 10.3 anteriores a 10.3.28, versiones 10.4 anteriores a 10.4.18 y versiones 10.5 anteriores a 10.5.9; Percona Server versiones hasta el 03-03-2021; y el parche de wsrep versiones hasta el 03-03-2021 para MySQL. Una ruta de búsqueda que no es confiable conlleva a una inyección eval, en la que un usuario SUPER de la base de datos puede ejecutar comandos del Sistema Operativo después de modificar las funciones wsrep_provider y wsrep_notify_cmd. NOTA: esto no afecta a un producto de Oracle

An update that solves four vulnerabilities and has two fixes is now available. This update for mariadb fixes the following issues. DML unspecified vulnerability lead to complete DOS. DML unspecified vulnerability can lead to complete DOS. InnoDB unspecified vulnerability lead to complete DOS. Fixed a remote code execution issue.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-03-03 CVE Reserved
  • 2021-03-19 CVE Published
  • 2021-04-14 First Exploit
  • 2024-08-03 CVE Updated
  • 2025-07-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mariadb
Search vendor "Mariadb"
 Mariadb
Search vendor "Mariadb" for product "Mariadb"
 >= 10.2 < 10.2.37
Search vendor "Mariadb" for product "Mariadb" and version " >= 10.2 < 10.2.37"
-
Affected
Mariadb
Search vendor "Mariadb"
 Mariadb
Search vendor "Mariadb" for product "Mariadb"
 >= 10.3 < 10.3.28
Search vendor "Mariadb" for product "Mariadb" and version " >= 10.3 < 10.3.28"
-
Affected
Mariadb
Search vendor "Mariadb"
 Mariadb
Search vendor "Mariadb" for product "Mariadb"
 >= 10.4 < 10.4.18
Search vendor "Mariadb" for product "Mariadb" and version " >= 10.4 < 10.4.18"
-
Affected
Mariadb
Search vendor "Mariadb"
 Mariadb
Search vendor "Mariadb" for product "Mariadb"
 >= 10.5 < 10.5.9
Search vendor "Mariadb" for product "Mariadb" and version " >= 10.5 < 10.5.9"
-
Affected
Percona
Search vendor "Percona"
 Percona Server
Search vendor "Percona" for product "Percona Server"
 <= 2021-03-03
Search vendor "Percona" for product "Percona Server" and version " <= 2021-03-03"
-
Affected
Galeracluster
Search vendor "Galeracluster"
 Wsrep
Search vendor "Galeracluster" for product "Wsrep"
 <= 2021-03-03
Search vendor "Galeracluster" for product "Wsrep" and version " <= 2021-03-03"
mysql
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected