CVE-2022-31624
mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación de servicio. Mientras es ejecutado el método log_statement_ex del archivo plugin/server_audit/server_audit.c, el bloqueo mantenido lock_bigbuffer no es liberado correctamente, lo que permite a usuarios locales desencadenar una denegación de servicio debido al bloqueo
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-05-25 CVE Reserved
- 2022-05-25 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-404: Improper Resource Shutdown or Release
- CWE-667: Improper Locking
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20220707-0006 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/MariaDB/server/commit/d627d00b13ab2f2c0954ea7b77202470cb102944 | 2023-08-08 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-31624 | 2022-05-31 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2092362 | 2022-05-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | < 10.2.41 Search vendor "Mariadb" for product "Mariadb" and version " < 10.2.41" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.3.0 < 10.3.32 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.3.0 < 10.3.32" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.4.0 < 10.4.22 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.4.0 < 10.4.22" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.5.0 < 10.5.13 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.5.0 < 10.5.13" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.6.0 < 10.6.5 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.6.0 < 10.6.5" | - |
Affected
| ||||||