| VID |
25219 |
| Severity |
30 |
| Port |
3306 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The version of MariaDB running on the remote host is 10.2.x prior to 10.2.3. It is, therefore, affected by multiple vulnerabilities :
- A denial of service vulnerability exists in the trx_state_eq() function due to improper handling of state errors.
- A denial of service vulnerability exists in the lock_rec_queue_validate() function in lock/lock0lock.cc due to improper handling of lock requests.
- A denial of service vulnerability exists in the date_add_interval() function in sql/sql_time.cc due to improper handling of INTERVAL arguments. An authenticated, remote attacker can exploit this to crash the database.
- A denial of service vulnerability exists in sql/item_subselect.cc due to improper handling of queries from the select/unit tree.
- A denial of service vulnerability exists in the check_well_formed_result() function in sql/item.cc due to improper handling of row validation.
- A denial of service vulnerability exists in the check_contains() function in sql/item_jsonfunc.cc due to improper handling of a specially crafted array.
- A denial of service vulnerability exists in the init_ror_merged_scan() function in sql/opt_range.cc due to improper handling a specially crafted table column
- A denial of service vulnerability exists in the val_str() function in sql/item_jsonfunc.cc due to improper handling of scalar values.
- A denial of service vulnerability exists in the mark_object() and mark_array() functions in strings/json_lib.c due to improper handling of JSON_VALID selections.
- A denial of service vulnerability exists in the mark_object() and mark_array() functions in strings/json_lib.c due to improper handling of JSON arrays.
- A denial of service vulnerability exists in the mark_object() and mark_array() functions in strings/json_lib.c due to improper handling of JSON_VALID selections.
- A denial of service vulnerability exists in the fix_length_and_dec() function in sql/item_jsonfunc.cc due to improper handling of JSON casting.
- A denial of service vulnerability exists in the fparse_one_or_all() function in sql/item_jsonfunc.cc due to improper handling of input passed via the 'one_or_all' parameter.
- A denial of service vulnerability exists in the val_str() function in sql/item_jsonfunc.cc due to improper handling of value_length
- A denial of service vulnerability exists in the trx_state_eq() function due to improper handling of state errors.
- A denial of service vulnerability exists in the lock_rec_queue_validate() function in lock/lock0lock.cc due to improper handling of lock requests.
- A denial of service vulnerability exists in the date_add_interval() function in sql/sql_time.cc due to improper handling of INTERVAL arguments.
- A denial of service vulnerability exists in sql/item_subselect.cc due to improper handling of queries from the select/unit tree.
- A denial of service vulnerability exists in the check_well_formed_result() function in sql/item.cc due to improper handling of row validation.
- A denial of service vulnerability exists in the check_contains() function in sql/item_jsonfunc.cc due to improper handling of a specially crafted array.
- A denial of service vulnerability exists in the init_ror_merged_scan() function in sql/opt_range.cc due to improper handling a specially crafted table column.
- A denial of service vulnerability exists in the val_str() function in sql/item_jsonfunc.cc due to improper handling of scalar values.
- A denial of service vulnerability exists in the mark_object() and mark_array() functions in strings/json_lib.c due to improper handling of JSON_VALID selections.
* Note: This check solely relied on the banner of the remote MariaDB server to assess this vulnerability, so this might be a false positive.
* References:
https://mariadb.com/kb/en/mariadb/mariadb-1023-changelog/
https://mariadb.com/kb/en/mariadb/mariadb-1023-release-notes/
* Platforms Affected:
MariaDB versio |
| Recommendation |
Upgrade to the latest version of MariaDB (10.2.3 or later), available from the MariaDB Web site at https://downloads.mariadb.org/ |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
