Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-26785

Опубликовано: 17 окт. 2024
Источник: redhat
CVSS3: 5.5
EPSS Средний

Описание

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

[Disputed] A flaw was found in MariaDB. This flaw allows a remote attacker to use a specially crafted payload to execute arbitrary commands in certain configurations.

Отчет

The MariaDB Foundation disputes this CVE, stating that it does not involve a privilege boundary being crossed.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10mariadb10.11Not affected
Red Hat Enterprise Linux 7mariadbNot affected
Red Hat Enterprise Linux 8mariadb:10.11/mariadbNot affected
Red Hat Enterprise Linux 8mariadb:10.3/mariadbNot affected
Red Hat Enterprise Linux 8mariadb:10.5/mariadbNot affected
Red Hat Enterprise Linux 8mariadb-devel:10.3/mariadbNot affected
Red Hat Enterprise Linux 9mariadbNot affected
Red Hat Enterprise Linux 9mariadb:10.11/mariadbNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-754
https://bugzilla.redhat.com/show_bug.cgi?id=2319550mariadb: RCE vulnerability

EPSS

Процентиль: 98%
0.57163
Средний

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-26785

CVSS3: 9.8
ubuntu
больше 1 года назад

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

nvd логотип

CVE-2023-26785

CVSS3: 9.8
nvd
больше 1 года назад

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

debian логотип

CVE-2023-26785

CVSS3: 9.8
debian
больше 1 года назад

MariaDB v10.5 was discovered to contain a remote code execution (RCE) ...

github логотип

GHSA-jj42-9w8m-9979

CVSS3: 9.8
github
больше 1 года назад

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability.

fstec логотип

BDU:2024-08759

CVSS3: 9.8
fstec
почти 3 года назад

Уязвимость пользовательских функций (UDF) системы управления базами данных MariaDB, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 98%
0.57163
Средний

5.5 Medium

CVSS3