CVE-2022-31624: [MDEV-26556] An improper locking bug(s) due to unreleased lock

MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

Details

  • Type: Bug

  • Status: Closed

  • Priority: Critical

  • Resolution: Fixed

  • Affects Version/s: 10.6.4

  • Fix Version/s: 10.2.41

  • Component/s: Plugin - Audit

  • Labels:

    None

  • Environment:

    All

  • Epic/Theme:

    • Performance
    • primary
    • server

Description

Hi, developers, thank you for your checking. It seems the lock lock_bigbuffer is not released correctly when big_buffer == NULL in the function log_statement_ex?

https://github.com/MariaDB/server/blob/57f14eab20ae2733eb341f3d293515a10a40bc48/plugin/server_audit/server_audit.c#L1838-L1848

Thank you for your checking!
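
The pattern the report describes, as an added C example that is not MariaDB's code and not part of the original report: a function takes lock_bigbuffer, reaches the big_buffer == NULL path and returns without unlocking, shown beside a single-exit version that always releases the lock. The functions log_leaky, log_fixed, lock_is_stuck and reset_lock and the fail_alloc parameter are assumptions made for illustration.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model, not MariaDB source; only the names lock_bigbuffer and big_buffer come from the report. */
static pthread_mutex_t lock_bigbuffer = PTHREAD_MUTEX_INITIALIZER;

/* Flawed shape. fail_alloc (assumed parameter) simulates a failed allocation. */
static int log_leaky(const char *query, int fail_alloc) {
    pthread_mutex_lock(&lock_bigbuffer);
    char *big_buffer = fail_alloc ? NULL : malloc(strlen(query) + 1);
    if (big_buffer == NULL)
        return 1;                 /* BUG: returns with lock_bigbuffer still held */
    strcpy(big_buffer, query);
    free(big_buffer);
    pthread_mutex_unlock(&lock_bigbuffer);
    return 0;
}

/* Corrected shape: one exit point, so every path releases the lock. */
static int log_fixed(const char *query, int fail_alloc) {
    int rc = 1;
    pthread_mutex_lock(&lock_bigbuffer);
    char *big_buffer = fail_alloc ? NULL : malloc(strlen(query) + 1);
    if (big_buffer != NULL) {
        strcpy(big_buffer, query);
        free(big_buffer);
        rc = 0;
    }
    pthread_mutex_unlock(&lock_bigbuffer);
    return rc;
}

/* Returns 1 if lock_bigbuffer is still held (the next caller would block), else 0. */
static int lock_is_stuck(void) {
    if (pthread_mutex_trylock(&lock_bigbuffer) != 0) return 1;
    pthread_mutex_unlock(&lock_bigbuffer);
    return 0;
}

static void reset_lock(void) { pthread_mutex_unlock(&lock_bigbuffer); } /* release the leaked lock */

int main(void) {
    log_leaky("SELECT 1", 1);     /* constructed input, allocation forced to fail */
    printf("leaky path, lock stuck: %d\n", lock_is_stuck());
    reset_lock();
    log_fixed("SELECT 1", 1);
    printf("fixed path, lock stuck: %d\n", lock_is_stuck());
}
```

Build with `cc -pthread`. A later caller that uses a blocking pthread_mutex_lock instead of the trylock probe would wait forever after the leaky path, which is the deadlock the CVE describes.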

Related news

Gentoo Linux Security Advisory 202405-25

Gentoo Linux Security Advisory 202405-25 - Multiple vulnerabilities have been discovered in MariaDB, the worst of which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.