[ASA-202105-14] mariadb: denial of service

2021-05-19 00:00:00
security.archlinux.org

CVSS3: 4.9 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS: 0.002 Low
Percentile: 52.8%

Arch Linux Security Advisory ASA-202105-14

Severity: Medium
Date : 2021-05-19
CVE-ID : CVE-2021-2154 CVE-2021-2166
Package : mariadb
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-1882

Summary

The package mariadb before version 10.5.10-1 is vulnerable to denial of
service.

Resolution

Upgrade to 10.5.10-1.

pacman -Syu "mariadb>=10.5.10-1"

The problems have been fixed upstream in version 10.5.10.
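
To check a host against the fixed version given above, the following added example (not part of the advisory or of Arch's own tooling) compares a package version with 10.5.10-1 field by field. The function names are hypothetical, and it assumes a numeric pkgver-pkgrel with no epoch, reporting anything else as unknown.

```shell
#!/bin/sh
# Added example: flag a mariadb package that is older than the fix.
FIXED="10.5.10-1"   # fixed version as stated in ASA-202105-14

# ver_lt A B: succeed when version A is older than version B.
# Assumption: both look like N.N.N-REL with numeric fields only, which holds
# for mariadb; for arbitrary packages use pacman's own vercmp instead.
ver_lt() {
    a_rel=${1##*-}; b_rel=${2##*-}      # pkgrel: text after the '-'
    a_ver=${1%-*};  b_ver=${2%-*}       # pkgver: text before it
    while [ -n "$a_ver" ] || [ -n "$b_ver" ]; do
        x=${a_ver%%.*}; y=${b_ver%%.*}  # leading dotted field, missing = 0
        # Numeric comparison matters here: as strings, "9" sorts after "10".
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a_ver in *.*) a_ver=${a_ver#*.} ;; *) a_ver= ;; esac
        case $b_ver in *.*) b_ver=${b_ver#*.} ;; *) b_ver= ;; esac
    done
    [ "$a_rel" -lt "$b_rel" ]
}

# mariadb_status VERSION: print vulnerable, patched, or unknown.
# Anything that does not parse is reported as unknown rather than patched.
mariadb_status() {
    case $1 in
        *[!0-9.-]*|*-*-*|-*|*-) echo unknown ;;   # unexpected characters or shape
        *-*) if ver_lt "$1" "$FIXED"; then echo vulnerable; else echo patched; fi ;;
        *)   echo unknown ;;                      # empty, or pkgrel missing
    esac
}

# On an Arch host, check the installed package ("pacman -Q" prints "name version").
if command -v pacman >/dev/null 2>&1; then
    installed=$(pacman -Q mariadb 2>/dev/null | cut -d' ' -f2)
    echo "mariadb ${installed:-not installed}: $(mariadb_status "$installed")"
fi
```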

Workaround

None.

Description

  • CVE-2021-2154 (denial of service)

A security issue has been found in MariaDB before version 10.5.10. An
easily exploitable vulnerability allows high privileged attackers with
network access via multiple protocols to compromise the MariaDB server.
Successful attacks of this vulnerability can cause a hang or a
frequently repeatable crash (complete denial of service) of the server.

  • CVE-2021-2166 (denial of service)

A security issue has been found in MariaDB before version 10.5.10. An
easily exploitable vulnerability allows high privileged attackers with
network access via multiple protocols to compromise the MariaDB server.
Successful attacks of this vulnerability can cause a hang or a
frequently repeatable crash (complete denial of service) of the server.

Impact

A privileged remote attacker could cause the MariaDB server to hang or
crash.

References

https://mariadb.com/kb/en/mariadb-10510-release-notes/
https://security.archlinux.org/CVE-2021-2154
https://security.archlinux.org/CVE-2021-2166

OS         OS Version  Architecture  Package  Package Version  Filename
ArchLinux  any         any           mariadb  < 10.5.10-1      UNKNOWN