Msrc Cbl2 Mariadb 10.6.8-1 On Cbl Mariner 2.0 vulnerabilities

CVE-2022-27457 [HIGH] CWE-416 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who

CVE-2022-27384 [HIGH] CWE-89 An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL state An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes t

CVE-2022-27445 [HIGH] MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment

CVE-2022-27447 [HIGH] CWE-416 MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our cust

CVE-2022-27377 [HIGH] CWE-416 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup() which is exploited via specially crafted SQL statements. MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup() which is exploited via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affe

CVE-2022-27456 [HIGH] CWE-416 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure

CVE-2022-27449 [HIGH] MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the comm

CVE-2022-27451 [HIGH] MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment

CVE-2022-27378 [HIGH] CWE-89 An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes this open-source libr

CVE-2022-27380 [HIGH] CWE-89 An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library an

CVE-2022-27387 [HIGH] CWE-120 MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size which is exploited via specially crafted SQL statements. MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size which is exploited via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected

CVE-2022-27448 [HIGH] CWE-617 There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azur

CVE-2022-27381 [HIGH] CWE-89 An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is there

CVE-2022-27386 [HIGH] CWE-89 MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commi

CVE-2022-27379 [HIGH] CWE-89 An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statemen An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes this

CVE-2022-27376 [HIGH] CWE-416 MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg which is exploited via specially crafted SQL statements. MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg which is exploited via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by

CVE-2022-27383 [HIGH] CWE-416 MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit which is exploited via specially crafted SQL statements. MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit which is exploited via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this v