CVE-2022-31621: [MDEV-26574] An improper locking bug due to unreleased lock in the ds_xbstream.cc

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.


Details

  • Type: Bug
  • Status: Closed
  • Priority: Blocker
  • Resolution: Fixed
  • Affects Version/s: 10.6.4
  • Fix Version/s: 10.2.41, 10.3.32, 10.4.22, 10.5.13, 10.6.5
  • Component/s: Server
  • Labels: code, performance, server
  • Environment: All
  • Epic/Theme: Performance, server

Description

The lock stream_ctxt->mutex is not released correctly when stream_ctxt->dest_file == NULL in the function xbstream_open
https://github.com/MariaDB/server/blob/76f4a78ba2639b5abd01a88b24a3c509c11530ce/extra/mariabackup/ds_xbstream.cc#L126-L133

Also mentioned in MDEV-26556.
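
The missing unlock described above, reduced to a stand-alone model as an added example (not MariaDB's code and not the project's actual fix): `open_leaky` returns on the error path with the mutex held, while `open_fixed` releases it on every path. All type and function names are hypothetical; only the `dest_file == NULL` condition and the mutex come from the report.

```cpp
// Added illustration, not MariaDB source; all names below are hypothetical.
#include <pthread.h>
#include <cerrno>
#include <cstdio>
struct dest_file_t { const char *path; };
struct stream_ctxt_t { pthread_mutex_t mutex; dest_file_t *dest_file; };

// Stand-in for the underlying open call; fails on a null or empty path.
static dest_file_t *open_dest(const char *path) {
    static dest_file_t file;
    file.path = path;
    return (path && *path) ? &file : nullptr;
}

// Flawed shape: the early return on error leaves ctxt->mutex locked.
static dest_file_t *open_leaky(stream_ctxt_t *ctxt, const char *path) {
    pthread_mutex_lock(&ctxt->mutex);
    if (ctxt->dest_file == nullptr) {
        ctxt->dest_file = open_dest(path);
        if (ctxt->dest_file == nullptr) return nullptr;  // mutex never released
    }
    pthread_mutex_unlock(&ctxt->mutex);
    return ctxt->dest_file;
}

// Corrected shape: a single exit path, so the mutex is always released.
static dest_file_t *open_fixed(stream_ctxt_t *ctxt, const char *path) {
    pthread_mutex_lock(&ctxt->mutex);
    if (ctxt->dest_file == nullptr) ctxt->dest_file = open_dest(path);
    dest_file_t *result = ctxt->dest_file;
    pthread_mutex_unlock(&ctxt->mutex);
    return result;
}

// Forces the error path, then probes the mutex: EBUSY means it was left held.
static bool leaks_on_error(dest_file_t *(*open_fn)(stream_ctxt_t *, const char *)) {
    stream_ctxt_t ctxt;
    pthread_mutex_init(&ctxt.mutex, nullptr);
    ctxt.dest_file = nullptr;
    open_fn(&ctxt, "");
    bool leaked = (pthread_mutex_trylock(&ctxt.mutex) == EBUSY);
    pthread_mutex_unlock(&ctxt.mutex);  // held either by the leak or by trylock
    pthread_mutex_destroy(&ctxt.mutex);
    return leaked;
}

int main() {
    std::printf("leaky=%d fixed=%d\n", leaks_on_error(open_leaky), leaks_on_error(open_fixed));
}
```

In the leaky variant, any other thread that later calls `pthread_mutex_lock` on the same context blocks forever, which is the deadlock the advisory describes.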


People

  • Assignee: Vladislav Vaintroub
  • Reporter: Ryan


Dates

  • Created: 2021-09-08 09:26
  • Updated: 2021-09-15 13:24
  • Resolved: 2021-09-15 13:22


Related news

Gentoo Linux Security Advisory 202405-25

Gentoo Linux Security Advisory 202405-25 - Multiple vulnerabilities have been discovered in MariaDB, the worst of which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected.
