CVE-2022-47015
mariadb: NULL pointer dereference in spider_db_mbase::print_warnings()
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.
MariaDB Server anterior a 10.3.34 hasta 10.9.3 es vulnerable a la denegaciĆ³n de servicio. Es posible que la funciĆ³n spider_db_mbase::print_warnings elimine la referencia a un puntero null.
Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.39 in Ubuntu 20.04 LTS, 10.6.16 in Ubuntu 22.04 LTS and 10.11.6 in Ubuntu 23.10. CVE-2022-47015 only affected the MariaDB packages in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-12-12 CVE Reserved
- 2023-01-20 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/06/msg00005.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20230309-0009 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954 | 2024-06-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.3.0 < 10.3.39 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.3.0 < 10.3.39" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.4.0 < 10.4.29 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.4.0 < 10.4.29" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.5.0 < 10.5.20 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.5.0 < 10.5.20" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.6.0 < 10.6.13 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.6.0 < 10.6.13" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.8.0 < 10.8.8 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.8.0 < 10.8.8" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.9.0 < 10.9.6 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.9.0 < 10.9.6" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.10.0 < 10.10.4 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.10.0 < 10.10.4" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.11.0 < 10.11.3 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.11.0 < 10.11.3" | - |
Affected
| ||||||