Vulnerability CVE-2022-31026


Published: 2022-06-09

Description:
Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers.

Type:

CWE-908

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Trilogy project -> Trilogy 

 References:
https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm
https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962

Copyright 2024, cxsecurity.com

 

Back to Top