Headline
CVE-2022-47015: MDEV-29644 a potential bug of null pointer dereference in spider_db_m… · MariaDB/server@be0a46b
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.
@@ -2090,7 +2090,7 @@ int spider_db_mbase::exec_query( db_conn->affected_rows, db_conn->insert_id, db_conn->server_status, db_conn->warning_count); if (spider_param_log_result_errors() >= 3) print_warnings(l_time); fetch_and_print_warnings(l_time); } else if (log_result_errors >= 4) { time_t cur_time = (time_t) time((time_t*) 0); @@ -2172,61 +2172,43 @@ bool spider_db_mbase::is_xa_nota_error( DBUG_RETURN(xa_nota); }
void spider_db_mbase::print_warnings( struct tm *l_time ) { DBUG_ENTER(“spider_db_mbase::print_warnings”); DBUG_PRINT("info",("spider this=%p", this)); if (db_conn->status == MYSQL_STATUS_READY) void spider_db_mbase::fetch_and_print_warnings(struct tm *l_time) { DBUG_ENTER(“spider_db_mbase::fetch_and_print_warnings”);
if (spider_param_dry_access() || db_conn->status != MYSQL_STATUS_READY || db_conn->server_status & SERVER_MORE_RESULTS_EXISTS) DBUG_VOID_RETURN;
if (mysql_real_query(db_conn, SPIDER_SQL_SHOW_WARNINGS_STR, SPIDER_SQL_SHOW_WARNINGS_LEN)) DBUG_VOID_RETURN;
MYSQL_RES *res= mysql_store_result(db_conn); if (!res) DBUG_VOID_RETURN;
uint num_fields= mysql_num_fields(res); if (num_fields != 3) { #if MYSQL_VERSION_ID < 50500 if (!(db_conn->last_used_con->server_status & SERVER_MORE_RESULTS_EXISTS)) #else if (!(db_conn->server_status & SERVER_MORE_RESULTS_EXISTS)) #endif { if ( spider_param_dry_access() || !mysql_real_query(db_conn, SPIDER_SQL_SHOW_WARNINGS_STR, SPIDER_SQL_SHOW_WARNINGS_LEN) ) { MYSQL_RES *res = NULL; MYSQL_ROW row = NULL; uint num_fields; if ( spider_param_dry_access() || !(res = mysql_store_result(db_conn)) || !(row = mysql_fetch_row(res)) ) { if (mysql_errno(db_conn)) { if (res) mysql_free_result(res); DBUG_VOID_RETURN; } /* no record is ok */ } num_fields = mysql_num_fields(res); if (num_fields != 3) { mysql_free_result(res); DBUG_VOID_RETURN; } while (row) { fprintf(stderr, "%04d%02d%02d %02d:%02d:%02d [WARN SPIDER RESULT] " "from [%s] %ld to %ld: %s %s %s\n", mysql_free_result(res); DBUG_VOID_RETURN; }
MYSQL_ROW row= mysql_fetch_row(res); while (row) { fprintf(stderr, "%04d%02d%02d %02d:%02d:%02d [WARN SPIDER RESULT] from [%s] %ld " "to %ld: %s %s %s\n", l_time->tm_year + 1900, l_time->tm_mon + 1, l_time->tm_mday, l_time->tm_hour, l_time->tm_min, l_time->tm_sec, conn->tgt_host, (ulong) db_conn->thread_id, (ulong) current_thd->thread_id, row[0], row[1], row[2]); row = mysql_fetch_row(res); } if (res) mysql_free_result(res); } } l_time->tm_hour, l_time->tm_min, l_time->tm_sec, conn->tgt_host, (ulong) db_conn->thread_id, (ulong) current_thd->thread_id, row[0], row[1], row[2]); row= mysql_fetch_row(res); } mysql_free_result(res);
DBUG_VOID_RETURN; }
Related news
Gentoo Linux Security Advisory 202405-25 - Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected.
Ubuntu Security Notice 6600-1 - Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.39 in Ubuntu 20.04 LTS, 10.6.16 in Ubuntu 22.04 LTS and 10.11.6 in Ubuntu 23.10. CVE-2022-47015 only affected the MariaDB packages in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
Red Hat Security Advisory 2023-7633-01 - An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2023-5684-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2023-5683-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2023-5259-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.