SB2022052338 - Multiple vulnerabilities in MariaDB
Published: May 23, 2022 Updated: August 4, 2022
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2022-32088)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. A local user can send specially crafted data to perform a denial of service attack.
2) Use-after-free (CVE-ID: CVE-2021-46669)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the convert_const_to_int() function when processing the BIGINT data type. A remote attacker can trigger a use-after-free error and perform a denial of service attack.
3) SQL injection (CVE-ID: CVE-2022-27381)
The vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Field::set_default() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
4) Use-after-free (CVE-ID: CVE-2022-27377)
The vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the Item_func_in::cleanup() function. A remote user can pass specially crafted SQL statements and cause a denial of service.
Remediation
Install the update from the vendor's website.
References
- https://jira.mariadb.org/browse/MDEV-26419
- https://jira.mariadb.org/browse/MDEV-25638
- https://security.netapp.com/advisory/ntap-20220221-0002/
- https://mariadb.com/kb/en/security/
- https://bugzilla.redhat.com/show_bug.cgi?id=2050034
- https://jira.mariadb.org/browse/MDEV-26061
- https://security.netapp.com/advisory/ntap-20220519-0006/
- https://jira.mariadb.org/browse/MDEV-26281