openEuler update for mariadb
Security Bulletin
This security bulletin contains information about 24 vulnerabilities.
1) SQL injection
EUVDB-ID: #VU63512
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27379
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Arg_comparator::compare_real() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU63520
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27386
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/sql_class.cc component. A remote user can send specially crafted data and perform a denial of service attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU63521
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27387
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to buffer overflow error in the decimal_bin_size component. A remote user can send specially crafted SQL statements to the affected application, trigger buffer overflow error and perform a denial of service attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) SQL injection
EUVDB-ID: #VU63519
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27384
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Item_subselect::init_expr_cache_tracker() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) SQL injection
EUVDB-ID: #VU63514
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27380
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the my_decimal::operator=() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU63517
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27383
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the my_strcasecmp_8bit component. A remote user can pass specially crafted SQL statements and cause a denial of service.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) SQL injection
EUVDB-ID: #VU63515
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27381
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Field::set_default() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU63508
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27377
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the Item_func_in::cleanup() function. A remote user can pass specially crafted SQL statements and cause a denial of service.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) SQL injection
EUVDB-ID: #VU63510
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27378
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Create_tmp_table::finalize() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU63507
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27376
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the Item_args::walk_arg() function. A remote user can pass specially crafted SQL statements and cause a denial of service.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU63536
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27452
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/item_cmpfunc.cc component. A remote user can send specially crafted data and perform a denial of service attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU63545
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27458
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the Binary_string::free_buffer() function at /sql/sql_string.h. A remote user can pass specially crafted data and cause a denial of service.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU63540
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27456
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the VDec::VDec() function at /sql/sql_type.cc. A remote user can pass specially crafted data and cause a denial of service.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Buffer overflow
EUVDB-ID: #VU63525
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27445
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/sql_window.cc component. A remote user can send specially crafted data and perform a denial of service attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU63532
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27449
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/item_func.cc:148 component. A remote user can send specially crafted data and perform a denial of service attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Buffer overflow
EUVDB-ID: #VU63531
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27448
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a buffer overflow in the BTR_PCUR_ON() function in the /row/row0mysql.cc component. A remote user can send a specially crafted data and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU63529
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27447
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to use-after-free error via the Binary_string::free_buffer() function in the /sql/sql_string.h component. A remote user can send specially crafted data and perform a denial of service attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) SQL injection
EUVDB-ID: #VU63833
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27385
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the used_tables_and_const_cache::used_tables_and_const_cache_join() function. A remote attacker can send a specially crafted request to the affected application and perform a denial of service attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Buffer overflow
EUVDB-ID: #VU63516
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27382
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a segmentation fault via the Item_field::used_tables/update_depend_map_for_order() function. A remote user can send specially crafted data and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Buffer overflow
EUVDB-ID: #VU63534
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27451
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/field_conv.cc component. A remote user can send specially crafted data and perform a denial of service attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free
EUVDB-ID: #VU63543
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27457
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the my_mb_wc_latin1 component in the /strings/ctype-latin1.c. A remote user can pass specially crafted data and cause a denial of service.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Buffer overflow
EUVDB-ID: #VU63526
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27446
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/item_cmpfunc.h component. A remote user can send specially crafted data and perform a denial of service attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Buffer overflow
EUVDB-ID: #VU63523
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27444
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/item_subselect.cc component. A remote user can send specially crafted data and perform a denial of service attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU63538
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27455
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the my_wildcmp_8bit_impl component at /strings/ctype-simple.c. A remote user can pass specially crafted data and cause a denial of service.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
mariadb-common: before 10.3.35-1
mariadb-backup: before 10.3.35-1
mariadb-embedded: before 10.3.35-1
mariadb-debuginfo: before 10.3.35-1
mariadb-cracklib: before 10.3.35-1
mariadb-errmessage: before 10.3.35-1
mariadb-oqgraph-engine: before 10.3.35-1
mariadb-devel: before 10.3.35-1
mariadb-test: before 10.3.35-1
mariadb-debugsource: before 10.3.35-1
mariadb-embedded-devel: before 10.3.35-1
mariadb-gssapi-server: before 10.3.35-1
mariadb-server-galera: before 10.3.35-1
mariadb-server: before 10.3.35-1
mariadb: before 10.3.35-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
