CVE-2022-27385SQL Injection in Mariadb

CWE-89SQL Injection7 documents7 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 50.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
MariadbDebian Mariadb-10.5Msrc Cbl2 Mariadb 10.6.9-1 ON CBL Mariner 2.0+1 more
Timeline
PublishedApr 12
Latest updateJan 27

Description

An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

NVDmariadb/mariadb10.4.010.4.22+3
debiandebian/mariadb-10.5< mariadb-10.5 1:10.5.13-0+deb11u1 (bullseye)

🔴Vulnerability Details

2
GHSA
GHSA-m469-6q82-xqvx: An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v102022-04-13
OSV
CVE-2022-27385: An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v102022-04-12

📋Vendor Advisories

4
CISA ICS
Festo Didactic SE MES PC2026-01-27
Microsoft
An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via speci2022-04-12
Debian
CVE-2022-27385: mariadb-10.5 - An issue in the component Used_tables_and_const_cache::used_tables_and_const_cac...2022
Red Hat
mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join2020-05-05