CVE-2022-27385
mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join
Public Exploits: 1
Exploited in Wild: -
Descriptions
An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
A problem has been detected in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server versions v10.7 and earlier that allows attackers to cause a denial of service (DoS) by means of specially crafted SQL statements.
A flaw was found in MariaDB. An issue in the component, Used_tables_and_const_cache::used_tables_and_const_cache_join, of the MariaDB Server v10.7 allows attackers to cause a denial of service (DoS) via specially crafted SQL statements, impacting availability.
Multiple vulnerabilities have been discovered in MariaDB, the worst of which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected.
SSVC
- Decision:-
Timeline
- 2022-03-21 CVE Reserved
- 2022-04-12 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
References (4)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20220526-0008 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://jira.mariadb.org/browse/MDEV-26415 | 2024-08-03 | |

URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2022-27385 | 2022-05-31 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2075001 | 2022-05-31 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Mariadb | Mariadb | < 10.3.32 | - | Affected |
Mariadb | Mariadb | >= 10.4.0 < 10.4.22 | - | Affected |
Mariadb | Mariadb | >= 10.5.0 < 10.5.13 | - | Affected |
Mariadb | Mariadb | >= 10.6.0 < 10.6.5 | - | Affected |