Denial-of-service vulnerability in MariaDB Server caused by incorrect lock release in the "log_statement_ex" method of the "server_audit" plugin
Description
A vulnerability leading to denial of service (DoS) has been found in MariaDB Server. In the log_statement_ex method of the server_audit plugin, the lock_bigbuffer lock is not released correctly, which allows local users to trigger a deadlock and cause a denial of service.
Affected software versions
- MariaDB Server before version 10.7
Vulnerability type
Denial of Service (DoS)
CVSS3: 5.5 Medium
CVSS2: 2.1 Low
Related vulnerabilities
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.