Описание
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
[Disputed] A flaw was found in MariaDB. This flaw allows a remote attacker to use a specially crafted payload to execute arbitrary commands in certain configurations.
Отчет
The MariaDB Foundation disputes this CVE, stating that it does not involve a privilege boundary being crossed.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | mariadb | Not affected | ||
| Red Hat Enterprise Linux 8 | mariadb:10.11/mariadb | Not affected | ||
| Red Hat Enterprise Linux 8 | mariadb:10.3/mariadb | Not affected | ||
| Red Hat Enterprise Linux 8 | mariadb:10.5/mariadb | Not affected | ||
| Red Hat Enterprise Linux 8 | mariadb-devel:10.3/mariadb | Not affected | ||
| Red Hat Enterprise Linux 9 | mariadb | Not affected | ||
| Red Hat Enterprise Linux 9 | mariadb:10.11/mariadb | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
MariaDB v10.5 was discovered to contain a remote code execution (RCE) ...
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability.
Уязвимость пользовательских функций (UDF) системы управления базами данных MariaDB, позволяющая нарушителю выполнить произвольный код
EPSS
5.5 Medium
CVSS3