Vulnerabilities in mariadb
Release: March19
Total Vulnerabilities: 16
1. CVE-2015-2325
Severity: HIGH (Score: 7.8)
Description:
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2015-2325
Alert ID: 2e21270c-7e35-4eda-b636-393bdf2eefb2
2. CVE-2021-46667
Severity: MEDIUM (Score: 5.5)
Description:
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-46667
Alert ID: 314ca791-5424-4b0d-8f09-60cff57c68c8
3. CVE-2022-31622
Severity: MEDIUM (Score: 5.5)
Description:
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-31622
Alert ID: 3c79267d-2035-4d61-95b4-c797e62417c6
4. CVE-2020-28912
Severity: HIGH (Score: 7.0)
Description:
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. This affects MariaDB Server before 10.1.48, 10.2.x before 10.2.35, 10.3.x before 10.3.26, 10.4.x before 10.4.16, and 10.5.x before 10.5.7. NOTE: this issue exists because certain details of the MariaDB CVE-2019-2503 fix did not comprehensively address attack variants against MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912 does NOT apply to other vendors that were originally affected by CVE-2019-2503.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-28912
Alert ID: 4f5aa38c-b342-430c-b08a-c633a49b75f8
5. CVE-2021-46666
Severity: MEDIUM (Score: 5.5)
Description:
MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-46666
Alert ID: 7151d973-b081-4890-8117-87264fe3eafb
6. CVE-2022-31623
Severity: MEDIUM (Score: 5.5)
Description:
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-31623
Alert ID: 7e5eb61d-0e68-4c14-94f5-9b48610d9ec1
7. CVE-2017-15365
Severity: HIGH (Score: 8.8)
Description:
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-15365
Alert ID: 9fa0960c-06b8-4cfa-8005-fe1f779933e9
8. CVE-2022-31621
Severity: MEDIUM (Score: 5.5)
Description:
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-31621
Alert ID: a0527bc5-d222-4243-81d3-dd20a2e4881f
9. CVE-2022-27385
Severity: HIGH (Score: 7.5)
Description:
An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-27385
Alert ID: a5f73ec1-4ee1-42cb-b0cd-99e9a0f00b78
10. CVE-2026-3494
Severity: MEDIUM (Score: 4.3)
Description:
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash (#) style comments, the statement is not logged.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-3494
Alert ID: a8b94446-5421-4999-99f8-5659b49ed891
11. CVE-2021-46659
Severity: MEDIUM (Score: 5.5)
Description:
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-46659
Alert ID: bcbb3cbc-830d-4a02-ae7f-570e74a1e65d
12. CVE-2023-5157
Severity: HIGH (Score: 7.5)
Description:
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-5157
Alert ID: c84255bc-d7d5-48db-ab90-846554e42e57
13. CVE-2022-27449
Severity: HIGH (Score: 7.5)
Description:
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-27449
Alert ID: d8bd9f01-3619-47ef-8c11-d0457e9448b9
14. CVE-2017-15945
Severity: HIGH (Score: 7.8)
Description:
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-15945
Alert ID: dfe11ead-e826-4490-829e-50c7dcd98603
15. CVE-2022-31624
Severity: MEDIUM (Score: 5.5)
Description:
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-31624
Alert ID: e35dc207-f4c2-462d-b530-b2e705165440
16. CVE-2021-46669
Severity: HIGH (Score: 7.5)
Description:
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-46669
Alert ID: fa213fbb-48d0-4047-baf5-fee4a41fa135