Headline
RHSA-2022:5759: Red Hat Security Advisory: rh-mariadb105-galera and rh-mariadb105-mariadb security and bugfix update
An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery
- CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)
- CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements
- CVE-2021-46664: mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr
- CVE-2021-46665: mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations
- CVE-2021-46668: mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements
- CVE-2021-46669: mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used
- CVE-2022-24048: mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer
- CVE-2022-24050: mariadb: lack of validating the existence of an object prior to performing operations on the object
- CVE-2022-24051: mariadb: lack of proper validation of a user-supplied string before using it as a format specifier
- CVE-2022-24052: mariadb: CONNECT storage engine heap-based buffer overflow
- CVE-2022-27376: mariadb: assertion failure in Item_args::walk_arg
- CVE-2022-27377: mariadb: use-after-poison when complex conversion is involved in blob
- CVE-2022-27378: mariadb: server crash in create_tmp_table::finalize
- CVE-2022-27379: mariadb: server crash in component arg_comparator::compare_real_fixed
- CVE-2022-27380: mariadb: server crash at my_decimal::operator=
- CVE-2022-27381: mariadb: server crash at Field::set_default via specially crafted SQL statements
- CVE-2022-27382: mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order
- CVE-2022-27383: mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c
- CVE-2022-27384: mariadb: crash via component Item_subselect::init_expr_cache_tracker
- CVE-2022-27386: mariadb: server crashes in query_arena::set_query_arena upon SELECT from view
- CVE-2022-27387: mariadb: assertion failures in decimal_bin_size
- CVE-2022-27444: mariadb: crash when using HAVING with NOT EXIST predicate in an equality
- CVE-2022-27445: mariadb: assertion failure in compare_order_elements
- CVE-2022-27446: mariadb: crash when using HAVING with IS NULL predicate in an equality
- CVE-2022-27447: mariadb: use-after-poison in Binary_string::free_buffer
- CVE-2022-27448: mariadb: crash in multi-update and implicit grouping
- CVE-2022-27449: mariadb: assertion failure in sql/item_func.cc
- CVE-2022-27451: mariadb: crash via window function in expression in ORDER BY
- CVE-2022-27452: mariadb: assertion failure in sql/item_cmpfunc.cc
- CVE-2022-27455: mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING
- CVE-2022-27456: mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc
- CVE-2022-27457: mariadb: incorrect key in “dup value” error after long unique
- CVE-2022-27458: mariadb: use-after-poison in Binary_string::free_buffer
- CVE-2022-31622: mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
- CVE-2022-31623: mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
- CVE-2022-32083: mariadb: server crash at Item_subselect::init_expr_cache_tracker
- CVE-2022-32085: mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor
- CVE-2022-32086: mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT
- CVE-2022-32087: mariadb: server crash in Item_args::walk_args
- CVE-2022-32088: mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
发布:
2022-07-28
已更新:
2022-07-28
RHSA-2022:5759 - Security Advisory
- 概述
- 更新的软件包
概述
Moderate: rh-mariadb105-galera and rh-mariadb105-mariadb security and bugfix update
类型/严重性
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
标题
An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
描述
MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.
The following packages have been upgraded to a later upstream version: rh-mariadb105-galera (26.4.11), rh-mariadb105-mariadb (10.5.16).
Security Fix(es):
- mariadb: convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669)
- mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer (CVE-2022-24048)
- mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050)
- mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)
- mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)
- mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)
- mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)
- mariadb: crash in create_tmp_table::finalize (CVE-2022-27378)
- mariadb: crash in arg_comparator::compare_real_fixed (CVE-2022-27379)
- mariadb: crash at my_decimal::operator= (CVE-2022-27380)
- mariadb: crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)
- mariadb: assertion failure via Item_field::used_tables/update_depend_map_for_order (CVE-2022-27382)
- mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)
- mariadb: crash via Item_subselect::init_expr_cache_tracker (CVE-2022-27384)
- mariadb: crashe in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)
- mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)
- mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)
- mariadb: assertion failure in compare_order_elements (CVE-2022-27445)
- mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)
- mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447)
- mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)
- mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)
- mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)
- mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)
- mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)
- mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)
- mariadb: incorrect key in “dup value” error after long unique (CVE-2022-27457)
- mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27458)
- mariadb: improper locking in ds_compress.cc (CVE-2022-31622)
- mariadb: improper locking in ds_compress.cc (CVE-2022-31623)
- mariadb: crash at init_expr_cache_tracker (CVE-2022-32083)
- mariadb: crash in cleanup/Item::cleanup_processor (CVE-2022-32085)
- mariadb: crash in fix_outer_field for INSERT SELECT (CVE-2022-32086)
- mariadb: crash in Item_args::walk_args (CVE-2022-32087)
- mariadb: segmentation fault in get_loops/report_use/filesort (CVE-2022-32088)
- mariadb: crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)
- mariadb: crash via an unused common table expression (CTE) (CVE-2021-46661)
- mariadb: ha_maria::extra crash via certain SELECT statements (CVE-2021-46663)
- mariadb: crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)
- mariadb: sql_parse.cc crash because of used_tables expectations (CVE-2021-46665)
- mariadb: application crash via long SELECT DISTINCT statements (CVE-2021-46668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Don’t use less parallelism if not necessary (BZ#2101776)
- [Tracker] Rebase to Galera 26.4.11 (BZ#2101783)
解决方案
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
受影响的产品
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
修复
- BZ - 2049302 - CVE-2021-46659 mariadb: Crash executing query with VIEW, aggregate and subquery
- BZ - 2050017 - CVE-2021-46661 mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)
- BZ - 2050022 - CVE-2021-46663 mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements
- BZ - 2050024 - CVE-2021-46664 mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr
- BZ - 2050026 - CVE-2021-46665 mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations
- BZ - 2050032 - CVE-2021-46668 mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements
- BZ - 2050034 - CVE-2021-46669 mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used
- BZ - 2068211 - CVE-2022-24052 mariadb: CONNECT storage engine heap-based buffer overflow
- BZ - 2068233 - CVE-2022-24051 mariadb: lack of proper validation of a user-supplied string before using it as a format specifier
- BZ - 2068234 - CVE-2022-24048 mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer
- BZ - 2069833 - CVE-2022-24050 mariadb: lack of validating the existence of an object prior to performing operations on the object
- BZ - 2074817 - CVE-2022-27376 mariadb: assertion failure in Item_args::walk_arg
- BZ - 2074947 - CVE-2022-27377 mariadb: use-after-poison when complex conversion is involved in blob
- BZ - 2074949 - CVE-2022-27378 mariadb: server crash in create_tmp_table::finalize
- BZ - 2074951 - CVE-2022-27379 mariadb: server crash in component arg_comparator::compare_real_fixed
- BZ - 2074966 - CVE-2022-27380 mariadb: server crash at my_decimal::operator=
- BZ - 2074981 - CVE-2022-27381 mariadb: server crash at Field::set_default via specially crafted SQL statements
- BZ - 2074987 - CVE-2022-27382 mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order
- BZ - 2074996 - CVE-2022-27383 mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c
- BZ - 2074999 - CVE-2022-27384 mariadb: crash via component Item_subselect::init_expr_cache_tracker
- BZ - 2075005 - CVE-2022-27386 mariadb: server crashes in query_arena::set_query_arena upon SELECT from view
- BZ - 2075006 - CVE-2022-27387 mariadb: assertion failures in decimal_bin_size
- BZ - 2075691 - CVE-2022-27445 mariadb: assertion failure in compare_order_elements
- BZ - 2075692 - CVE-2022-27446 mariadb: crash when using HAVING with IS NULL predicate in an equality
- BZ - 2075693 - CVE-2022-27447 mariadb: use-after-poison in Binary_string::free_buffer
- BZ - 2075694 - CVE-2022-27448 mariadb: crash in multi-update and implicit grouping
- BZ - 2075695 - CVE-2022-27449 mariadb: assertion failure in sql/item_func.cc
- BZ - 2075696 - CVE-2022-27444 mariadb: crash when using HAVING with NOT EXIST predicate in an equality
- BZ - 2075697 - CVE-2022-27456 mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc
- BZ - 2075699 - CVE-2022-27457 mariadb: incorrect key in “dup value” error after long unique
- BZ - 2075700 - CVE-2022-27458 mariadb: use-after-poison in Binary_string::free_buffer
- BZ - 2075701 - CVE-2022-27455 mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING
- BZ - 2076144 - CVE-2022-27451 mariadb: crash via window function in expression in ORDER BY
- BZ - 2076145 - CVE-2022-27452 mariadb: assertion failure in sql/item_cmpfunc.cc
- BZ - 2092354 - CVE-2022-31622 mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
- BZ - 2092360 - CVE-2022-31623 mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
- BZ - 2101776 - Don’t use less parallelism if not necessary [rhscl-3.8.z]
- BZ - 2101777 - DROP TABLE doesn’t raise error while dropping non-existing table [rhscl-3.8.z]
- BZ - 2101782 - [Tracker] Rebase to MariaDB 10.5.16 [rhscl-3.8.z]
- BZ - 2101783 - [Tracker] Rebase to Galera 26.4.11 [rhscl-3.8.z]
- BZ - 2104425 - CVE-2022-32083 mariadb: server crash at Item_subselect::init_expr_cache_tracker
- BZ - 2104431 - CVE-2022-32085 mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor
- BZ - 2104433 - CVE-2022-32086 mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT
- BZ - 2104434 - CVE-2022-32087 mariadb: server crash in Item_args::walk_args
- BZ - 2106008 - CVE-2022-32088 mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort
CVE
- CVE-2021-46659
- CVE-2021-46661
- CVE-2021-46663
- CVE-2021-46664
- CVE-2021-46665
- CVE-2021-46668
- CVE-2021-46669
- CVE-2022-24048
- CVE-2022-24050
- CVE-2022-24051
- CVE-2022-24052
- CVE-2022-27376
- CVE-2022-27377
- CVE-2022-27378
- CVE-2022-27379
- CVE-2022-27380
- CVE-2022-27381
- CVE-2022-27382
- CVE-2022-27383
- CVE-2022-27384
- CVE-2022-27386
- CVE-2022-27387
- CVE-2022-27444
- CVE-2022-27445
- CVE-2022-27446
- CVE-2022-27447
- CVE-2022-27448
- CVE-2022-27449
- CVE-2022-27451
- CVE-2022-27452
- CVE-2022-27455
- CVE-2022-27456
- CVE-2022-27457
- CVE-2022-27458
- CVE-2022-31622
- CVE-2022-31623
- CVE-2022-32083
- CVE-2022-32085
- CVE-2022-32086
- CVE-2022-32087
- CVE-2022-32088
参考
- https://access.redhat.com/security/updates/classification/#moderate
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7
SRPM
rh-mariadb105-galera-26.4.11-1.el7.src.rpm
SHA-256: f2e38d3ad3391c6747b13fc228ae1204ee4a01d8b11f3062d833d9ec42a1bafa
rh-mariadb105-mariadb-10.5.16-2.el7.src.rpm
SHA-256: 05d202f3d5598b8b267ff6d56da7d80319367bd5e2c2568fb6d077ef04d4241b
x86_64
rh-mariadb105-galera-26.4.11-1.el7.x86_64.rpm
SHA-256: 36731324857e05d09e4d8610a70c87e0767117af048b685e71bdcf0377cca301
rh-mariadb105-galera-debuginfo-26.4.11-1.el7.x86_64.rpm
SHA-256: 59dc40e539dc81978941f306130cef98f9ee9da795012b102ac40cc712f64e4e
rh-mariadb105-mariadb-10.5.16-2.el7.x86_64.rpm
SHA-256: 94b85e2b22a94ed06e20571474f4291a4b2ecbbd93a831ec88cccc4792e516d1
rh-mariadb105-mariadb-backup-10.5.16-2.el7.x86_64.rpm
SHA-256: a232bedb10de1e7b9958e64fb4a001fe40fb54b106e2b1a549321ba916c3d8d9
rh-mariadb105-mariadb-backup-syspaths-10.5.16-2.el7.x86_64.rpm
SHA-256: 2abfa9719c49b7bc1bb524750cf520ecf50cef06b9a2b2ba9ca1f537bec19357
rh-mariadb105-mariadb-common-10.5.16-2.el7.x86_64.rpm
SHA-256: 84e80e985b7b02a83315ce004188021b6bec7049f856db935bf4bb23d07a52af
rh-mariadb105-mariadb-config-10.5.16-2.el7.x86_64.rpm
SHA-256: 865e3fe305f8090d9d691782c65042637e08bec2736bc57cdbc080e866776111
rh-mariadb105-mariadb-config-syspaths-10.5.16-2.el7.x86_64.rpm
SHA-256: cff217c7c8fa8137b2080d5bb06d892680995718dde160223523e24ac3a7ac1f
rh-mariadb105-mariadb-connect-engine-10.5.16-2.el7.x86_64.rpm
SHA-256: 457c9c53e278b576059560ebd46959937de6edaeacb61236b943fb489f4e3490
rh-mariadb105-mariadb-debuginfo-10.5.16-2.el7.x86_64.rpm
SHA-256: af72ed19df8095b984c4cff5fa1e21e46d2806941b65935584ff353dad3b3d61
rh-mariadb105-mariadb-devel-10.5.16-2.el7.x86_64.rpm
SHA-256: d4dc130a879d04bed2f0e55d8ecc6fd59256a04a1f46a9ad78d21619ad95a83e
rh-mariadb105-mariadb-errmsg-10.5.16-2.el7.x86_64.rpm
SHA-256: fc84855d7f090115344d8e7abf4082e207f36653556557c74ce084f99964325b
rh-mariadb105-mariadb-gssapi-server-10.5.16-2.el7.x86_64.rpm
SHA-256: d1a76ac0b64d18f1ac74a9c2f163bac513d87ac882a689b05e8af5415a47ceeb
rh-mariadb105-mariadb-libs-10.5.16-2.el7.x86_64.rpm
SHA-256: e9a269ef074ebd2359a55cf53d1048d673b3a8c453cd68e2723fb129ffe605e3
rh-mariadb105-mariadb-oqgraph-engine-10.5.16-2.el7.x86_64.rpm
SHA-256: 1c063c3f0f1e766adfc214ff7c054c560f31f606db89865d2dcfd02046926928
rh-mariadb105-mariadb-pam-10.5.16-2.el7.x86_64.rpm
SHA-256: 34b4df168e3e76641111d3c4d0715013ba8cdceb524840efad04773d00b2fb2b
rh-mariadb105-mariadb-server-10.5.16-2.el7.x86_64.rpm
SHA-256: 50a970f41b3c832321e983cf90212106e64a82ce9531f10638f1505d5b27f872
rh-mariadb105-mariadb-server-galera-10.5.16-2.el7.x86_64.rpm
SHA-256: d57d8c83affb662bead8d89d29ace30890e66d2a9ad56f0f620c76d8484b2e10
rh-mariadb105-mariadb-server-galera-syspaths-10.5.16-2.el7.x86_64.rpm
SHA-256: 9e0c98028f2da3fd8b8f91018296b25182d9b05577f51a1a8c67c37d471e05dd
rh-mariadb105-mariadb-server-syspaths-10.5.16-2.el7.x86_64.rpm
SHA-256: bd8f98acb646cf102f3645e0952887e195520577e0cb69d57d6074e8a5e42e3e
rh-mariadb105-mariadb-server-utils-10.5.16-2.el7.x86_64.rpm
SHA-256: f17b90862f96b0052d97c4ba4a474afc8da1071c8cd775584a3c54372fe62e9d
rh-mariadb105-mariadb-server-utils-syspaths-10.5.16-2.el7.x86_64.rpm
SHA-256: 52de60a89575345582eae8c57e7f15753e1af907e7ef0aabab6ebb7d90389f82
rh-mariadb105-mariadb-syspaths-10.5.16-2.el7.x86_64.rpm
SHA-256: be233b74045467ad21579378276735d1d4b156cfc26c3ad16ac958e412e2f34d
rh-mariadb105-mariadb-test-10.5.16-2.el7.x86_64.rpm
SHA-256: c3d043f50c282c0c70697b1b0aa92c3574ffdd1aa192012f78679852bd082d9c
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7
SRPM
rh-mariadb105-galera-26.4.11-1.el7.src.rpm
SHA-256: f2e38d3ad3391c6747b13fc228ae1204ee4a01d8b11f3062d833d9ec42a1bafa
rh-mariadb105-mariadb-10.5.16-2.el7.src.rpm
SHA-256: 05d202f3d5598b8b267ff6d56da7d80319367bd5e2c2568fb6d077ef04d4241b
s390x
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7
SRPM
rh-mariadb105-galera-26.4.11-1.el7.src.rpm
SHA-256: f2e38d3ad3391c6747b13fc228ae1204ee4a01d8b11f3062d833d9ec42a1bafa
rh-mariadb105-mariadb-10.5.16-2.el7.src.rpm
SHA-256: 05d202f3d5598b8b267ff6d56da7d80319367bd5e2c2568fb6d077ef04d4241b
x86_64
rh-mariadb105-galera-26.4.11-1.el7.x86_64.rpm
SHA-256: 36731324857e05d09e4d8610a70c87e0767117af048b685e71bdcf0377cca301
rh-mariadb105-galera-debuginfo-26.4.11-1.el7.x86_64.rpm
SHA-256: 59dc40e539dc81978941f306130cef98f9ee9da795012b102ac40cc712f64e4e
rh-mariadb105-mariadb-10.5.16-2.el7.x86_64.rpm
SHA-256: 94b85e2b22a94ed06e20571474f4291a4b2ecbbd93a831ec88cccc4792e516d1
rh-mariadb105-mariadb-backup-10.5.16-2.el7.x86_64.rpm
SHA-256: a232bedb10de1e7b9958e64fb4a001fe40fb54b106e2b1a549321ba916c3d8d9
rh-mariadb105-mariadb-backup-syspaths-10.5.16-2.el7.x86_64.rpm
SHA-256: 2abfa9719c49b7bc1bb524750cf520ecf50cef06b9a2b2ba9ca1f537bec19357
rh-mariadb105-mariadb-common-10.5.16-2.el7.x86_64.rpm
SHA-256: 84e80e985b7b02a83315ce004188021b6bec7049f856db935bf4bb23d07a52af
rh-mariadb105-mariadb-config-10.5.16-2.el7.x86_64.rpm
SHA-256: 865e3fe305f8090d9d691782c65042637e08bec2736bc57cdbc080e866776111
rh-mariadb105-mariadb-config-syspaths-10.5.16-2.el7.x86_64.rpm
SHA-256: cff217c7c8fa8137b2080d5bb06d892680995718dde160223523e24ac3a7ac1f
rh-mariadb105-mariadb-connect-engine-10.5.16-2.el7.x86_64.rpm
SHA-256: 457c9c53e278b576059560ebd46959937de6edaeacb61236b943fb489f4e3490
rh-mariadb105-mariadb-debuginfo-10.5.16-2.el7.x86_64.rpm
SHA-256: af72ed19df8095b984c4cff5fa1e21e46d2806941b65935584ff353dad3b3d61
rh-mariadb105-mariadb-devel-10.5.16-2.el7.x86_64.rpm
SHA-256: d4dc130a879d04bed2f0e55d8ecc6fd59256a04a1f46a9ad78d21619ad95a83e
rh-mariadb105-mariadb-errmsg-10.5.16-2.el7.x86_64.rpm
SHA-256: fc84855d7f090115344d8e7abf4082e207f36653556557c74ce084f99964325b
rh-mariadb105-mariadb-gssapi-server-10.5.16-2.el7.x86_64.rpm
SHA-256: d1a76ac0b64d18f1ac74a9c2f163bac513d87ac882a689b05e8af5415a47ceeb
rh-mariadb105-mariadb-libs-10.5.16-2.el7.x86_64.rpm
SHA-256: e9a269ef074ebd2359a55cf53d1048d673b3a8c453cd68e2723fb129ffe605e3
rh-mariadb105-mariadb-oqgraph-engine-10.5.16-2.el7.x86_64.rpm
SHA-256: 1c063c3f0f1e766adfc214ff7c054c560f31f606db89865d2dcfd02046926928
rh-mariadb105-mariadb-pam-10.5.16-2.el7.x86_64.rpm
SHA-256: 34b4df168e3e76641111d3c4d0715013ba8cdceb524840efad04773d00b2fb2b
rh-mariadb105-mariadb-server-10.5.16-2.el7.x86_64.rpm
SHA-256: 50a970f41b3c832321e983cf90212106e64a82ce9531f10638f1505d5b27f872
rh-mariadb105-mariadb-server-galera-10.5.16-2.el7.x86_64.rpm
SHA-256: d57d8c83affb662bead8d89d29ace30890e66d2a9ad56f0f620c76d8484b2e10
rh-mariadb105-mariadb-server-galera-syspaths-10.5.16-2.el7.x86_64.rpm
SHA-256: 9e0c98028f2da3fd8b8f91018296b25182d9b05577f51a1a8c67c37d471e05dd
rh-mariadb105-mariadb-server-syspaths-10.5.16-2.el7.x86_64.rpm
SHA-256: bd8f98acb646cf102f3645e0952887e195520577e0cb69d57d6074e8a5e42e3e
rh-mariadb105-mariadb-server-utils-10.5.16-2.el7.x86_64.rpm
SHA-256: f17b90862f96b0052d97c4ba4a474afc8da1071c8cd775584a3c54372fe62e9d
rh-mariadb105-mariadb-server-utils-syspaths-10.5.16-2.el7.x86_64.rpm
SHA-256: 52de60a89575345582eae8c57e7f15753e1af907e7ef0aabab6ebb7d90389f82
rh-mariadb105-mariadb-syspaths-10.5.16-2.el7.x86_64.rpm
SHA-256: be233b74045467ad21579378276735d1d4b156cfc26c3ad16ac958e412e2f34d
rh-mariadb105-mariadb-test-10.5.16-2.el7.x86_64.rpm
SHA-256: c3d043f50c282c0c70697b1b0aa92c3574ffdd1aa192012f78679852bd082d9c
Red Hat 安全团队联络方式为 [email protected]。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。
Related news
Gentoo Linux Security Advisory 202405-25 - Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected.
Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
Ubuntu Security Notice 5739-1 - Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.37 in Ubuntu 20.04 LTS and to 10.6.11 in Ubuntu 22.04 LTS and Ubuntu 22.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Red Hat Security Advisory 2022-6443-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities.
An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT ...
Red Hat Security Advisory 2022-6306-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities.
An update for rh-mariadb103-galera and rh-mariadb103-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application ...
An update for galera, mariadb, and mysql-selinux is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via cert...
An update for the mariadb:10.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT ...
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.
MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.
There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.
An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.
An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.
MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.