CVE-2022-27377

Опубликовано: 12 апр. 2022

Источник: debian

Описание

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
mariadb-10.6	fixed	1:10.6.8-1		package
mariadb-10.5	removed			package
mariadb-10.5	fixed	1:10.5.18-0+deb11u1	bullseye	package
mariadb-10.3	removed			package
mariadb-10.1	not-affected			package

Примечания

https://jira.mariadb.org/browse/MDEV-26281
Commit MariaDB: https://github.com/MariaDB/server/commit/4681b6f2d8c82b4ec5cf115e83698251963d80d5 (10.2.44)

Связанные уязвимости

CVE-2022-27377

CVSS3: 7.5

ubuntu

около 3 лет назад

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.

CVE-2022-27377

CVSS3: 7.5

redhat

почти 4 года назад

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.

CVE-2022-27377

CVSS3: 7.5

nvd

около 3 лет назад

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.

CVE-2022-27377

CVSS3: 7.5

msrc

около 3 лет назад

Описание отсутствует

GHSA-99jw-w9c8-f6wv

CVSS3: 7.5

github

около 3 лет назад

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.