7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
72.8%
Summary guidance: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used and it is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the processing of SQL queries. The specific flaw exists within the processing of SQL queries. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account.
CVEID:CVE-2021-46669
**DESCRIPTION:**Mariadb is vulnerable to a denial of service, caused by a use-after-free flaw in the convert_const_to_int function. By sending a specially-crafted request using the BIGINT data type, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218913 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
PowerVC |
2.0.2
2.0.2.1
IBM strongly recommends addressing the vulnerability now by upgrading the MariaDB package to the ifix shipped version.
We are also recommending users to update directly to PowerVC v2.0.2.1 instead of moving to PowerVC v2.0.2
Product(s)|Version|APAR|
—|—|—|—
IBM PowerVC| 2.0.2.1| IT40929|
None
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
72.8%