SUSE update for mariadb
Security Bulletin
This security bulletin contains information about 25 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU63827
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-46669
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the convert_const_to_int() function when processing BIGINT data type. A remote attacker can trigger use-after-free error and perform a denial of service attack.
MitigationUpdate the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Improper input validation
EUVDB-ID: #VU62418
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21427
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Use-after-free
EUVDB-ID: #VU63507
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27376
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the Item_args::walk_arg() function. A remote user can pass specially crafted SQL statements and cause a denial of service.
MitigationUpdate the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
4) Use-after-free
EUVDB-ID: #VU63508
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27377
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the Item_func_in::cleanup() function. A remote user can pass specially crafted SQL statements and cause a denial of service.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
5) SQL injection
EUVDB-ID: #VU63510
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27378
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Create_tmp_table::finalize() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
MitigationUpdate the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
6) SQL injection
EUVDB-ID: #VU63512
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27379
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Arg_comparator::compare_real() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
7) SQL injection
EUVDB-ID: #VU63514
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27380
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the my_decimal::operator=() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
8) SQL injection
EUVDB-ID: #VU63515
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27381
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Field::set_default() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
9) Buffer overflow
EUVDB-ID: #VU63516
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27382
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a segmentation fault via the Item_field::used_tables/update_depend_map_for_order() function. A remote user can send specially crafted data and perform a denial of service (DoS) attack.
MitigationUpdate the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
10) Use-after-free
EUVDB-ID: #VU63517
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27383
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the my_strcasecmp_8bit component. A remote user can pass specially crafted SQL statements and cause a denial of service.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
11) SQL injection
EUVDB-ID: #VU63519
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27384
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Item_subselect::init_expr_cache_tracker() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
12) Buffer overflow
EUVDB-ID: #VU63520
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27386
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/sql_class.cc component. A remote user can send specially crafted data and perform a denial of service attack.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
13) Buffer overflow
EUVDB-ID: #VU63521
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27387
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to buffer overflow error in the decimal_bin_size component. A remote user can send specially crafted SQL statements to the affected application, trigger buffer overflow error and perform a denial of service attack.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
14) Buffer overflow
EUVDB-ID: #VU63523
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27444
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/item_subselect.cc component. A remote user can send specially crafted data and perform a denial of service attack.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
15) Buffer overflow
EUVDB-ID: #VU63525
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27445
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/sql_window.cc component. A remote user can send specially crafted data and perform a denial of service attack.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
16) Buffer overflow
EUVDB-ID: #VU63526
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27446
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/item_cmpfunc.h component. A remote user can send specially crafted data and perform a denial of service attack.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
17) Use-after-free
EUVDB-ID: #VU63529
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27447
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to use-after-free error via the Binary_string::free_buffer() function in the /sql/sql_string.h component. A remote user can send specially crafted data and perform a denial of service attack.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
18) Buffer overflow
EUVDB-ID: #VU63531
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27448
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a buffer overflow in the BTR_PCUR_ON() function in the /row/row0mysql.cc component. A remote user can send a specially crafted data and perform a denial of service (DoS) attack.
MitigationUpdate the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
19) Buffer overflow
EUVDB-ID: #VU63532
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27449
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/item_func.cc:148 component. A remote user can send specially crafted data and perform a denial of service attack.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
20) Buffer overflow
EUVDB-ID: #VU63534
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27451
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/field_conv.cc component. A remote user can send specially crafted data and perform a denial of service attack.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
21) Buffer overflow
EUVDB-ID: #VU63536
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27452
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/item_cmpfunc.cc component. A remote user can send specially crafted data and perform a denial of service attack.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
22) Use-after-free
EUVDB-ID: #VU63538
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27455
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the my_wildcmp_8bit_impl component at /strings/ctype-simple.c. A remote user can pass specially crafted data and cause a denial of service.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
23) Use-after-free
EUVDB-ID: #VU63540
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27456
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the VDec::VDec() function at /sql/sql_type.cc. A remote user can pass specially crafted data and cause a denial of service.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
24) Use-after-free
EUVDB-ID: #VU63543
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27457
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the my_mb_wc_latin1 component in the /strings/ctype-latin1.c. A remote user can pass specially crafted data and cause a denial of service.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
25) Use-after-free
EUVDB-ID: #VU63545
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27458
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the Binary_string::free_buffer() function at /sql/sql_string.h. A remote user can pass specially crafted data and cause a denial of service.
Update the affected package mariadb to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
SUSE Linux Enterprise Server for SAP: 15-SP2
SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP2-LTSS
SUSE Enterprise Storage: 7
mariadb-errormessages: before 10.4.25-150200.3.28.1
mariadb-tools-debuginfo: before 10.4.25-150200.3.28.1
mariadb-tools: before 10.4.25-150200.3.28.1
mariadb-debugsource: before 10.4.25-150200.3.28.1
mariadb-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client-debuginfo: before 10.4.25-150200.3.28.1
mariadb-client: before 10.4.25-150200.3.28.1
mariadb: before 10.4.25-150200.3.28.1
libmariadbd19-debuginfo: before 10.4.25-150200.3.28.1
libmariadbd19: before 10.4.25-150200.3.28.1
libmariadbd-devel: before 10.4.25-150200.3.28.1
CPE2.3 External links
http://www.suse.com/support/update/announcement/2022/suse-su-20222189-1/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
