CVE-2022-24048
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.
Vulnerabilidad de escalada de privilegios por desbordamiento de búfer en el motor de almacenamiento de MariaDB CONNECT. Esta vulnerabilidad permite a los atacantes locales escalar privilegios en las instalaciones afectadas de MariaDB. Se requiere autenticación para explotar esta vulnerabilidad. El fallo específico existe en el procesamiento de las consultas SQL. El problema se debe a la falta de validación adecuada de la longitud de los datos suministrados por el usuario antes de copiarlos en un búfer de longitud fija basado en la pila. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios y ejecutar código arbitrario en el contexto de la cuenta de servicio. Era ZDI-CAN-16191
This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability.
The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-27 CVE Reserved
- 2022-02-16 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-121: Stack-based Buffer Overflow
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20220318-0004 | Third Party Advisory |
|
| https://www.zerodayinitiative.com/advisories/ZDI-22-363 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://mariadb.com/kb/en/security | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.2.0 < 10.2.42 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.2.0 < 10.2.42" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.3.0 < 10.3.33 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.3.0 < 10.3.33" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.4.0 < 10.4.23 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.4.0 < 10.4.23" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.5.0 < 10.5.14 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.5.0 < 10.5.14" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.6.0 < 10.6.6 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.6.0 < 10.6.6" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.7.0 < 10.7.2 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.7.0 < 10.7.2" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | 10.8.0 Search vendor "Mariadb" for product "Mariadb" and version "10.8.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||