Описание
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | mariadb | Out of support scope | ||
| Red Hat Enterprise Linux 9 | mariadb | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | mariadb | Out of support scope | ||
| Red Hat Enterprise Linux 8 | mariadb | Fixed | RHSA-2022:1556 | 26.04.2022 |
| Red Hat Enterprise Linux 8 | mariadb | Fixed | RHSA-2022:1557 | 26.04.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | mariadb | Fixed | RHSA-2022:4818 | 31.05.2022 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-mariadb105-galera | Fixed | RHSA-2022:1007 | 22.03.2022 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-mariadb105-mariadb | Fixed | RHSA-2022:1007 | 22.03.2022 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-mariadb103-galera | Fixed | RHSA-2022:1010 | 22.03.2022 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-mariadb103-mariadb | Fixed | RHSA-2022:1010 | 22.03.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
** DISPUTED ** MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extr ...
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
EPSS
5.5 Medium
CVSS3