Описание
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in wsrep_sst_method allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
Отчет
galera packages as shipped with Red Hat Enterprise Linux and Red Hat Software Collections are not affected because they do not contain the vulnerable mysql-wsrep component.
Меры по смягчению последствий
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | mariadb | Not affected | ||
| Red Hat OpenStack Platform 10 (Newton) | galera | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | galera | Not affected | ||
| Red Hat Software Collections | rh-mariadb102-galera | Not affected | ||
| Red Hat Software Collections | rh-mariadb102-mariadb | Will not fix | ||
| Red Hat Enterprise Linux 8 | mariadb | Fixed | RHSA-2020:5500 | 15.12.2020 |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | mariadb | Fixed | RHSA-2020:5663 | 22.12.2020 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | mariadb | Fixed | RHSA-2020:5665 | 22.12.2020 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | mariadb | Fixed | RHSA-2020:5654 | 22.12.2020 |
| Red Hat OpenStack Platform 10.0 (Newton) | mariadb-galera | Fixed | RHSA-2020:5379 | 08.12.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
9 Critical
CVSS3
Связанные уязвимости
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
A flaw was found in the mysql-wsrep component of mariadb. Lack of inpu ...
Уязвимость компонента mysql-wsrep СУБД MariaDB, связанная с ошибками обработки входных данных при выполнении синтаксического анализа кода, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS
9 Critical
CVSS3