Vulnerabilities for 'Mariadb'

2022-05-25
 
CVE-2022-31621

CWE-667
 

 
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

 
 
CVE-2022-31622

CWE-404
 

 
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

 
 
CVE-2022-31623

CWE-667
 

 
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

 
 
CVE-2022-31624

CWE-404
 

 
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

 
2022-04-14
 
CVE-2022-27444

NVD-CWE-noinfo
 

 
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.

 
 
CVE-2022-27445

NVD-CWE-noinfo
 

 
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.

 
 
CVE-2022-27446

NVD-CWE-noinfo
 

 
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.

 
 
CVE-2022-27447

CWE-416
 

 
MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.

 
 
CVE-2022-27448

CWE-617
 

 
There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.

 
 
CVE-2022-27449

NVD-CWE-noinfo
 

 
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.

 


Copyright 2024, cxsecurity.com

 
