Описание
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mariadb-10.6 | fixed | 1:10.6.8-1 | package | |
| mariadb-10.5 | removed | package | ||
| mariadb-10.5 | fixed | 1:10.5.18-0+deb11u1 | bullseye | package |
| mariadb-10.3 | removed | package | ||
| mariadb-10.1 | not-affected | package |
Примечания
MariaDB bug: https://jira.mariadb.org/browse/MDEV-26353
MariaDB bug (main): https://jira.mariadb.org/browse/MDEV-24176
Same fix than CVE-2022-27376, CVE-2022-27447, CVE-2022-27449, CVE-2022-27452, CVE-2022-27456
Fixed in MariaDB version 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4
Virtual column vulnerable code introduced in 10.2: https://mariadb.com/kb/en/changes-improvements-in-mariadb-10-2/
EPSS
Связанные уязвимости
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
EPSS