Msrc Cm1 Mariadb 10.3.35-1 On Cbl Mariner 1.0 vulnerabilities

CVE-2022-31623 [MEDIUM] CWE-667 MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc when an error occurs (i.e. going to the err label) while executing the method create_worker_threads t MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc when an error occurs (i.e. going to the err label) while executing the method create_worker_threads the held lock thd->ctrl_mutex is not released correctly which allows

CVE-2022-31622 [MEDIUM] CWE-667 MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc when an error occurs (pthread_create returns a nonzero value) while executing the method create_worke MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads the held lock is not released correctly which allows loca

CVE-2022-31621 [MEDIUM] CWE-667 MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open the he MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open the held lock is not released correctly which allows local users to trigg

CVE-2022-31624 [MEDIUM] CWE-667 MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex the held lock lock_bigbuffer is not released correctly whi MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex the held lock lock_bigbuffer is not released correctly which allows local users to trigger a denial of service due to the dea

CVE-2022-27384 [HIGH] CWE-89 An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL state An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes t

CVE-2022-27445 [HIGH] MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment

CVE-2022-27447 [HIGH] CWE-416 MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our cust

CVE-2022-27377 [HIGH] CWE-416 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup() which is exploited via specially crafted SQL statements. MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup() which is exploited via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affe

CVE-2022-27456 [HIGH] CWE-416 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure

CVE-2022-27449 [HIGH] MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the comm

CVE-2022-27378 [HIGH] CWE-89 An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes this open-source libr

CVE-2022-27380 [HIGH] CWE-89 An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library an

CVE-2022-27387 [HIGH] CWE-120 MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size which is exploited via specially crafted SQL statements. MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size which is exploited via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected

CVE-2022-27448 [HIGH] CWE-617 There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azur

CVE-2022-27381 [HIGH] CWE-89 An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is there

CVE-2022-27385 [HIGH] CWE-89 An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via speci An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft p

CVE-2022-27386 [HIGH] CWE-89 MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commi

CVE-2022-27379 [HIGH] CWE-89 An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statemen An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes this

CVE-2022-27376 [HIGH] CWE-416 MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg which is exploited via specially crafted SQL statements. MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg which is exploited via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by

CVE-2022-27383 [HIGH] CWE-416 MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit which is exploited via specially crafted SQL statements. MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit which is exploited via specially crafted SQL statements. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this v