CVE-2020-13249 — Improper Input Validation in Connector C
Severity
8.8HIGHNVD
EPSS
0.7%
top 27.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 20
Latest updateMay 24
Description
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages2 packages
Also affects: Fedora 31, 32
Patches
🔴Vulnerability Details
4📋Vendor Advisories
2💬Community
5Bugzilla▶
CVE-2020-13249 mariadb:10.3/mariadb: mariadb-connector-c: Improper validation of content in a OK packet received from server [fedora-all]↗2020-06-04
Bugzilla▶
CVE-2020-13249 mariadb:10.4/mariadb: mariadb-connector-c: Improper validation of content in a OK packet received from server [fedora-all]↗2020-06-04
Bugzilla▶
CVE-2020-13249 mariadb: mariadb-connector-c: Improper validation of content in a OK packet received from server [fedora-all]↗2020-06-04
Bugzilla▶
CVE-2020-13249 mariadb-connector-c: Improper validation of content in a OK packet received from a client [fedora-all]↗2020-05-25
Bugzilla▶
CVE-2020-13249 mariadb-connector-c: Improper validation of content in a OK packet received from server↗2020-05-25