Multiple vulnerabilities in IBM Cloud Object Storage Systems
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 23 |
| CVE-ID | CVE-2022-27383 CVE-2022-27456 CVE-2022-27380 CVE-2022-27458 CVE-2022-27447 CVE-2021-46669 CVE-2022-27377 CVE-2022-27384 CVE-2022-27378 CVE-2022-32085 CVE-2022-27452 CVE-2022-32083 CVE-2022-27376 CVE-2022-27445 CVE-2022-27387 CVE-2022-27449 CVE-2022-32088 CVE-2022-32084 CVE-2022-27381 CVE-2022-32087 CVE-2022-27379 CVE-2022-27386 CVE-2022-27448 |
| CWE-ID | CWE-416 CWE-89 CWE-119 CWE-120 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
IBM Cloud Object Storage Systems Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 23 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU63517
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27383
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the my_strcasecmp_8bit component. A remote user can pass specially crafted SQL statements and cause a denial of service.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Use-after-free
EUVDB-ID: #VU63540
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27456
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the VDec::VDec() function at /sql/sql_type.cc. A remote user can pass specially crafted data and cause a denial of service.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) SQL injection
EUVDB-ID: #VU63514
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27380
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the my_decimal::operator=() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
4) Use-after-free
EUVDB-ID: #VU63545
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27458
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the Binary_string::free_buffer() function at /sql/sql_string.h. A remote user can pass specially crafted data and cause a denial of service.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
5) Use-after-free
EUVDB-ID: #VU63529
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27447
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to use-after-free error via the Binary_string::free_buffer() function in the /sql/sql_string.h component. A remote user can send specially crafted data and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
6) Use-after-free
EUVDB-ID: #VU63827
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-46669
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the convert_const_to_int() function when processing BIGINT data type. A remote attacker can trigger use-after-free error and perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
7) Use-after-free
EUVDB-ID: #VU63508
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27377
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the Item_func_in::cleanup() function. A remote user can pass specially crafted SQL statements and cause a denial of service.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
8) SQL injection
EUVDB-ID: #VU63519
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27384
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Item_subselect::init_expr_cache_tracker() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
9) SQL injection
EUVDB-ID: #VU63510
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27378
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Create_tmp_table::finalize() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
10) Buffer overflow
EUVDB-ID: #VU65764
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32085
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. A local user can send a specially crafted file, trigger memory corruption and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
11) Buffer overflow
EUVDB-ID: #VU63536
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27452
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/item_cmpfunc.cc component. A remote user can send specially crafted data and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
12) Buffer overflow
EUVDB-ID: #VU65910
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-32083
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a segmentation fault via the component Item_subselect::init_expr_cache_tracker. A local user can send a specially crafted data to perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
13) Use-after-free
EUVDB-ID: #VU63507
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27376
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the Item_args::walk_arg() function. A remote user can pass specially crafted SQL statements and cause a denial of service.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
14) Buffer overflow
EUVDB-ID: #VU63525
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27445
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/sql_window.cc component. A remote user can send specially crafted data and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
15) Buffer overflow
EUVDB-ID: #VU63521
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27387
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to buffer overflow error in the decimal_bin_size component. A remote user can send specially crafted SQL statements to the affected application, trigger buffer overflow error and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
16) Buffer overflow
EUVDB-ID: #VU63532
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27449
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/item_func.cc:148 component. A remote user can send specially crafted data and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
17) Buffer overflow
EUVDB-ID: #VU65896
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32088
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack
The vulnerability exists due to a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. A local user can send a specially crafted data to perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
18) Buffer overflow
EUVDB-ID: #VU66024
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32084
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a segmentation fault via the component sub_select. A local user can send a specially crafted file and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
19) SQL injection
EUVDB-ID: #VU63515
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27381
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Field::set_default() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
20) Buffer overflow
EUVDB-ID: #VU65757
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32087
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a segmentation fault via the component Item_args::walk_args. A local user can send a specially crafted file, trigger memory corruption and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
21) SQL injection
EUVDB-ID: #VU63512
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27379
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Arg_comparator::compare_real() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
22) Buffer overflow
EUVDB-ID: #VU63520
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27386
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/sql_class.cc component. A remote user can send specially crafted data and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
23) Buffer overflow
EUVDB-ID: #VU63531
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-27448
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a buffer overflow in the BTR_PCUR_ON() function in the /row/row0mysql.cc component. A remote user can send a specially crafted data and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Object Storage Systems: before 3.16.0.127
CPE2.3
http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
http://www.ibm.com/support/pages/node/6841261
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
