CVE-2022-27380

Опубликовано: 12 апр. 2022

Источник: debian

EPSS Низкий

Описание

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
mariadb-10.6	fixed	1:10.6.8-1		package
mariadb-10.5	removed			package
mariadb-10.5	fixed	1:10.5.18-0+deb11u1	bullseye	package
mariadb-10.3	removed			package
mariadb-10.1	removed			package

Примечания

MariaDB bug: https://jira.mariadb.org/browse/MDEV-26280
MariaDB bug (main): https://jira.mariadb.org/browse/MDEV-25994
Fixed in MariaDB 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3, 10.9.1
MariaDB commit: https://github.com/MariaDB/server/commit/3c209bfc040ddfc41ece8357d772547432353fd2 (10.2.44)

EPSS

Процентиль: 66%

0.00521

Низкий

Связанные уязвимости

CVE-2022-27380

CVSS3: 7.5

ubuntu

больше 3 лет назад

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

CVE-2022-27380

CVSS3: 7.5

redhat

около 4 лет назад

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

CVE-2022-27380

CVSS3: 7.5

nvd

больше 3 лет назад

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

CVE-2022-27380

CVSS3: 7.5

msrc

больше 3 лет назад

Описание отсутствует

GHSA-8gjp-gp42-7qg3

CVSS3: 7.5

github

больше 3 лет назад

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

EPSS

Процентиль: 66%

0.00521

Низкий