Vulnerabilities in mariadb
Release: March19 release 2
Total Vulnerabilities: 16
1. CVE-2022-31621
Severity: MEDIUM (Score: 5.5)
Description:
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-31621
Alert ID: 16cfac6a-87c8-4648-becc-87cb38c56038
2. CVE-2017-15365
Severity: HIGH (Score: 8.8)
Description:
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-15365
Alert ID: 1d538c9a-e202-4ae6-9aa8-34beecbad668
3. CVE-2026-3494
Severity: MEDIUM (Score: 4.3)
Description:
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash (#) style comments, the statement is not logged.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-3494
Alert ID: 21e06a3d-c164-496a-9c95-58d4a1721d2e
4. CVE-2020-28912
Severity: HIGH (Score: 7.0)
Description:
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. This affects MariaDB Server before 10.1.48, 10.2.x before 10.2.35, 10.3.x before 10.3.26, 10.4.x before 10.4.16, and 10.5.x before 10.5.7. NOTE: this issue exists because certain details of the MariaDB CVE-2019-2503 fix did not comprehensively address attack variants against MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912 does NOT apply to other vendors that were originally affected by CVE-2019-2503.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-28912
Alert ID: 4cd1211c-0f02-4050-88ac-219ad4fc8361
5. CVE-2021-46669
Severity: HIGH (Score: 7.5)
Description:
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-46669
Alert ID: 4ec4e8a7-929d-44c0-af08-bc794d82075c
6. CVE-2017-15945
Severity: HIGH (Score: 7.8)
Description:
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-15945
Alert ID: 66810e9d-d780-413c-a431-a2aa5441d87c
7. CVE-2015-2325
Severity: HIGH (Score: 7.8)
Description:
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2015-2325
Alert ID: 6a497688-7459-4ba8-8870-eae2d6523e93
8. CVE-2021-46659
Severity: MEDIUM (Score: 5.5)
Description:
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-46659
Alert ID: 73117bf7-6ea6-4af8-aaac-1c7ee17484d5
9. CVE-2022-27449
Severity: HIGH (Score: 7.5)
Description:
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-27449
Alert ID: 9c32d00b-0c17-4060-8fd7-6498ea45362d
10. CVE-2022-27385
Severity: HIGH (Score: 7.5)
Description:
An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-27385
Alert ID: 9d839637-6923-47e3-b2a3-6f81a7d13104
11. CVE-2021-46667
Severity: MEDIUM (Score: 5.5)
Description:
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-46667
Alert ID: a6a1e3cb-9c8d-43b8-979a-106c90c64d6f
12. CVE-2022-31624
Severity: MEDIUM (Score: 5.5)
Description:
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-31624
Alert ID: c01f932f-921a-451c-8a40-cf6087da4efe
13. CVE-2022-31623
Severity: MEDIUM (Score: 5.5)
Description:
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-31623
Alert ID: ddb581a1-f50f-40e5-b344-1db5c0ee394b
14. CVE-2021-46666
Severity: MEDIUM (Score: 5.5)
Description:
MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-46666
Alert ID: e244ec35-0ede-4ada-a8a2-e33528c2c849
15. CVE-2023-5157
Severity: HIGH (Score: 7.5)
Description:
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-5157
Alert ID: eb7c24c9-aa3e-435c-9d44-71c474ea34e1
16. CVE-2022-31622
Severity: MEDIUM (Score: 5.5)
Description:
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-31622
Alert ID: f02cda7b-03cb-46e2-91ba-e61b19858759