Debian Mariadb-10.5 vulnerabilities

CVE-2022-27385 [HIGH] CVE-2022-27385: mariadb-10.5 - An issue in the component Used_tables_and_const_cache::used_tables_and_const_cac... An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Scope: local bullseye: resolved (fixed in 1:10.5.13-0+deb11u1)

CVE-2022-27384 [HIGH] CVE-2022-27384: mariadb-10.5 - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Ser... An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Scope: local bullseye: resolved (fixed in 1:10.5.18-0+deb11u1)

CVE-2022-32084 [HIGH] CVE-2022-32084: mariadb-10.5 - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the co... MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. Scope: local bullseye: resolved (fixed in 1:10.5.18-0+deb11u1)

CVE-2022-24050 [HIGH] CVE-2022-24050: mariadb-10.5 - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability... MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existen

CVE-2022-27380 [HIGH] CVE-2022-27380: mariadb-10.5 - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and be... An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Scope: local bullseye: resolved (fixed in 1:10.5.18-0+deb11u1)

CVE-2022-24051 [HIGH] CVE-2022-24051: mariadb-10.5 - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability.... MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a

CVE-2022-32091 [HIGH] CVE-2022-32091: mariadb-10.5 - MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_... MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. Scope: local bullseye: resolved (fixed in 1:10.5.18-0+deb11u1)

CVE-2022-31621 [MEDIUM] CVE-2022-31621: mariadb-10.5 - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabac... MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an imprope

CVE-2022-21427 [MEDIUM] CVE-2022-21427: mariadb-10.5 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FT... Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauth

CVE-2022-31624 [MEDIUM] CVE-2022-31624: mariadb-10.5 - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing t... MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Scope: local bullseye: resolved (fixed in 1:10.5.15-0+deb11u1)

CVE-2022-38791 [MEDIUM] CVE-2022-38791: mariadb-10.5 - In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc doe... In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. Scope: local bullseye: resolved (fixed in 1:10.5.18-0+deb11u1)

CVE-2022-31622 [MEDIUM] CVE-2022-31622: mariadb-10.5 - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabac... MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is

CVE-2022-31623 [MEDIUM] CVE-2022-31623: mariadb-10.5 - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabac... MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues t

CVE-2022-47015 [MEDIUM] CVE-2022-47015: mariadb - MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It... MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. Scope: local bookworm: resolved (fixed in 1:10.11.3-1) forky: resolved (fixed in 1:10.11.3-1) sid: resolved (fixed in 1:10.11.3-1) trixie: resolved (fixed in 1:10.11.3-1)

CVE-2021-27928 [HIGH] CVE-2021-27928: mariadb-10.5 - A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.... A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider

CVE-2021-46669 [HIGH] CVE-2021-46669: mariadb-10.5 - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-af... MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. Scope: local bullseye: resolved (fixed in 1:10.5.18-0+deb11u1)

CVE-2021-46663 [MEDIUM] CVE-2021-46663: mariadb-10.5 - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain S... MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. Scope: local bullseye: resolved (fixed in 1:10.5.15-0+deb11u1)

CVE-2021-2022 [MEDIUM] CVE-2021-2022: mariadb-10.5 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). S... Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can res

CVE-2021-46658 [MEDIUM] CVE-2021-46658: mariadb-10.5 - save_window_function_values in MariaDB before 10.6.3 allows an application crash... save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. Scope: local bullseye: resolved (fixed in 1:10.5.11-1)

CVE-2021-46661 [MEDIUM] CVE-2021-46661: mariadb-10.5 - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and f... MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). Scope: local bullseye: resolved (fixed in 1:10.5.15-0+deb11u1)