VID |
25385 |
Severity |
30 |
Port |
3306 |
Protocol |
TCP |
Class |
DB |
Detailed Description |
The version of MariaDB installed on the remote host is prior to 10.8.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mdb-1084-rn advisory.
- zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. (CVE-2018-25032)
- MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. (CVE-2022-32081)
- MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. (CVE-2022-32082)
- MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. (CVE-2022-32084)
- MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. (CVE-2022-32089)
- MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. (CVE-2022-32091)
* References: https://mariadb.com/kb/en/mdb-1084-rn
* Platforms Affected: MariaDB versions 10.8.x prior to 10.8.4; any operating system, any version |
Recommendation |
Upgrade to the latest version of MariaDB (10.8.4 or later), available from the MariaDB Web site at https://downloads.mariadb.org/ |
Related URL |
CVE-2018-25032,CVE-2022-32081,CVE-2022-32082,CVE-2022-32084,CVE-2022-32089,CVE-2022-32091 (CVE) |
|