Amazon Linux 2023 : mariadb105, mariadb105-backup, mariadb105-common (ALAS2023-2023-037)

2023-03-21T00:00:00

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-037 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are - save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect - MariaDB before 10.7.2 allows an application crash because it does not recognize that - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. (CVE-2021-46663) - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL (CVE-2021-46664) - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that (CVE-2021-46668) - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This Authentication is required to exploit this vulnerability. The specific flaw exists within the processing (CVE-2022-24048) - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This Authentication is required to exploit this vulnerability. The specific flaw exists within the processing (CVE-2022-24052) - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was (CVE-2022-27379) - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was (CVE-2022-27384) - An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/serv - MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at - MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in - MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select (CVE-2022-32084) - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component - MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component - MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component Note that Nessus has not tested for these issues but has instead relied only on the application's advisory. affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2372) affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2389) affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35604) handling of with_window_func=true for a subquery. (CVE-2021-46658) SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659) unused common table expression (CTE). (CVE-2021-46661) conjunction with a nested subquery. (CVE-2021-46662) value of aggr. expectations. (CVE-2021-46665) (CVE-2021-46667) improperly interact with storage-engine resource limitations for temporary data structures. data type is used. (CVE-2021-46669) forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self- signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778) vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191. allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050) local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051) vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190. Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376) Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377) allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378) discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380) attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381) Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382) my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383) discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27385) sql/sql_class.cc. (CVE-2022-27386) decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387) sql/item_subselect.cc. (CVE-2022-27444) sql/sql_window.cc. (CVE-2022-27445) sql/item_cmpfunc.h. (CVE-2022-27446) Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447) == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448) sql/item_func.cc:148. (CVE-2022-27449) sql/field_conv.cc. (CVE-2022-27451) sql/item_cmpfunc.cc. (CVE-2022-27452) my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455) at /sql/sql_type.cc. (CVE-2022-27456) my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457) Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458) er_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624) /storage/innobase/handler/handler0alter.cc. (CVE-2022-32081) dict0dict.cc. (CVE-2022-32082) Item_subselect::init_expr_cache_tracker. (CVE-2022-32083) . Item_func_in::cleanup/Item::cleanup_processor. (CVE-2022-32085) Item_field::fix_outer_field. (CVE-2022-32086) Item_args::walk_args. (CVE-2022-32087) Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. (CVE-2022-32088) st_select_lex_unit::exclude_level. (CVE-2022-32089) self-reported version number.

{"id": "AL2023_ALAS2023-2023-037.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Amazon Linux 2023 : mariadb105, mariadb105-backup, mariadb105-common (ALAS2023-2023-037)", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-037 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2372)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2389)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35604)\n\n - save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. (CVE-2021-46658)\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. (CVE-2021-46662)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\n\n - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self- signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27385)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)\n\n - MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. (CVE-2022-32081)\n\n - MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. (CVE-2022-32082)\n\n - MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. (CVE-2022-32083)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.\n (CVE-2022-32084)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. (CVE-2022-32085)\n\n - MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. (CVE-2022-32086)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. (CVE-2022-32087)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. (CVE-2022-32088)\n\n - MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. (CVE-2022-32089)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2023-03-21T00:00:00", "modified": "2023-04-21T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/173101", "reporter": "This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://alas.aws.amazon.com/cve/html/CVE-2021-46669.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-27380.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46667", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27448", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24050", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27444", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46665", "https://alas.aws.amazon.com/cve/html/CVE-2021-46662.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2372", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46669", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46662", "https://alas.aws.amazon.com/cve/html/CVE-2022-27452.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27456", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31624", "https://alas.aws.amazon.com/cve/html/CVE-2022-32083.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-32084.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27455", "https://alas.aws.amazon.com/cve/html/CVE-2022-27456.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32086", "https://alas.aws.amazon.com/cve/html/CVE-2022-27383.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46659", "https://alas.aws.amazon.com/cve/html/CVE-2022-32081.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27445", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32084", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32085", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27377", "https://alas.aws.amazon.com/AL2023/ALAS-2023-037.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-27384.html", "https://alas.aws.amazon.com/cve/html/CVE-2021-46663.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27458", "https://alas.aws.amazon.com/cve/html/CVE-2022-27385.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27382", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46663", "https://alas.aws.amazon.com/cve/html/CVE-2021-2372.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24051", "https://alas.aws.amazon.com/cve/html/CVE-2021-46658.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46664", "https://alas.aws.amazon.com/cve/html/CVE-2022-27382.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-24050.html", "https://alas.aws.amazon.com/cve/html/CVE-2021-46668.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-27447.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27446", "https://alas.aws.amazon.com/cve/html/CVE-2022-27378.html", "https://alas.aws.amazon.com/cve/html/CVE-2021-46667.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27387", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27379", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27447", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46658", "https://alas.aws.amazon.com/cve/html/CVE-2022-32088.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-32089.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32081", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27457", "https://alas.aws.amazon.com/cve/html/CVE-2022-27387.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27384", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46661", "https://alas.aws.amazon.com/cve/html/CVE-2022-32086.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-27444.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27386", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27383", "https://alas.aws.amazon.com/cve/html/CVE-2022-27455.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-32087.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27378", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27376", "https://alas.aws.amazon.com/faqs.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-27448.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-27451.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-24051.html", "https://alas.aws.amazon.com/cve/html/CVE-2021-46664.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32087", "https://alas.aws.amazon.com/cve/html/CVE-2021-35604.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-24048.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-27376.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-27457.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27380", "https://alas.aws.amazon.com/cve/html/CVE-2022-0778.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-27458.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-27381.html", "https://alas.aws.amazon.com/cve/html/CVE-2021-2389.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27451", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35604", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27452", "https://alas.aws.amazon.com/cve/html/CVE-2021-46661.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-27386.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27385", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24048", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27381", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2389", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32083", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46668", "https://alas.aws.amazon.com/cve/html/CVE-2022-32085.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-31624.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-32082.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778", "https://alas.aws.amazon.com/cve/html/CVE-2021-46659.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-27445.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32089", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24052", "https://alas.aws.amazon.com/cve/html/CVE-2022-27449.html", "https://alas.aws.amazon.com/cve/html/CVE-2021-46665.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-27377.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-24052.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32088", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27449", "https://alas.aws.amazon.com/cve/html/CVE-2022-27446.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-27379.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32082"], "cvelist": ["CVE-2021-2372", "CVE-2021-2389", "CVE-2021-35604", "CVE-2021-46658", "CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46662", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46667", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-0778", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27385", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31624", "CVE-2022-32081", "CVE-2022-32082", "CVE-2022-32083", "CVE-2022-32084", "CVE-2022-32085", "CVE-2022-32086", "CVE-2022-32087", "CVE-2022-32088", "CVE-2022-32089"], "immutableFields": [], "lastseen": "2023-10-02T13:35:33", "viewCount": 20, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY35.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2021:3590", "ALSA-2022:1065", "ALSA-2022:1556", "ALSA-2022:1557", "ALSA-2022:5326", "ALSA-2022:5826", "ALSA-2022:5948", "ALSA-2022:6443", "ALSA-2022:7119", "ALSA-2023:5259"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-2372", "ALPINE:CVE-2021-2389", "ALPINE:CVE-2021-35604", "ALPINE:CVE-2021-46659", "ALPINE:CVE-2021-46661", "ALPINE:CVE-2021-46662", "ALPINE:CVE-2021-46663", "ALPINE:CVE-2021-46664", "ALPINE:CVE-2021-46665", "ALPINE:CVE-2021-46667", "ALPINE:CVE-2021-46668", "ALPINE:CVE-2021-46669", "ALPINE:CVE-2022-0778", "ALPINE:CVE-2022-24048", "ALPINE:CVE-2022-24050", "ALPINE:CVE-2022-24051", "ALPINE:CVE-2022-24052", "ALPINE:CVE-2022-27376", "ALPINE:CVE-2022-27377", "ALPINE:CVE-2022-27378", "ALPINE:CVE-2022-27379", "ALPINE:CVE-2022-27380", "ALPINE:CVE-2022-27381", "ALPINE:CVE-2022-27382", "ALPINE:CVE-2022-27383", "ALPINE:CVE-2022-27384", "ALPINE:CVE-2022-27385", "ALPINE:CVE-2022-27386", "ALPINE:CVE-2022-27387", "ALPINE:CVE-2022-27444", "ALPINE:CVE-2022-27445", "ALPINE:CVE-2022-27446", "ALPINE:CVE-2022-27447", "ALPINE:CVE-2022-27448", "ALPINE:CVE-2022-27449", "ALPINE:CVE-2022-27451", "ALPINE:CVE-2022-27452", "ALPINE:CVE-2022-27455", "ALPINE:CVE-2022-27456", "ALPINE:CVE-2022-27457", "ALPINE:CVE-2022-27458", "ALPINE:CVE-2022-31624", "ALPINE:CVE-2022-32081", "ALPINE:CVE-2022-32082", "ALPINE:CVE-2022-32084", "ALPINE:CVE-2022-32089"]}, {"type": "altlinux", "idList": ["2E3004A50A511D456BFC8F01DA1B9584", "39CFFB87AFC9A591CD6C901CBB002174", "462FD49112FE85163EF025EFB6E6CCFC", "4636D2B913915197381B9E5A8DFDA814", "A53966B4C9ED4C2C9B5D5AAE3C9142B6", "B0664AAC61BC569C35AA9EED702C667A", "B85C8F73B16A47F96ABD5E5F7F645891", "DC52777AA2FD41A330B63B883159C7F5"]}, {"type": "amazon", "idList": ["ALAS-2021-1544", "ALAS-2022-1575", "ALAS2-2022-1766", "ALAS2-2023-2057"]}, {"type": "apple", "idList": ["APPLE:63CA0F4232480C58A7826938831F5D5B", "APPLE:9A4969F10DDA950938D09FB74CC40FF8", "APPLE:E82A2A3D978FD519CBF58A36F587B070"]}, {"type": "arista", "idList": ["ARISTA:0075"]}, {"type": "attackerkb", "idList": ["AKB:3F7EB772-577A-4EE4-BCBB-6DA9F0EC50F6"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "centos", "idList": ["CESA-2022:1066"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2022-0088"]}, {"type": "checkpoint_security", "idList": ["CPS:SK178411", "CPS:SK179649"]}, {"type": "cisa", "idList": ["CISA:FE8DC06D4609CF6B91DE778FC96E4ECD"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:451456E80A3A64E506E6D4333659CD7B", "CFOUNDRY:70F6C83FE70C685FC734A73A63029F17"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1647550273"]}, {"type": "cnvd", "idList": ["CNVD-2021-54027", "CNVD-2021-54679", "CNVD-2021-81783", "CNVD-2022-18421", "CNVD-2022-35548", "CNVD-2022-64999", "CNVD-2022-65000", "CNVD-2022-65001", "CNVD-2022-65002", "CNVD-2022-65003", "CNVD-2022-65004", "CNVD-2022-65005", "CNVD-2022-65006", "CNVD-2022-65007", "CNVD-2022-65008", "CNVD-2022-65009", "CNVD-2022-65010", "CNVD-2022-65011", "CNVD-2022-65012", "CNVD-2022-65345", "CNVD-2022-68614"]}, {"type": "cve", "idList": ["CVE-2021-2372", "CVE-2021-2389", "CVE-2021-35604", "CVE-2021-46658", "CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46662", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46667", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-0778", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27385", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31624", "CVE-2022-32081", "CVE-2022-32082", "CVE-2022-32083", "CVE-2022-32084", "CVE-2022-32085", "CVE-2022-32086", "CVE-2022-32087", "CVE-2022-32088", "CVE-2022-32089"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2952-1:7651B", "DEBIAN:DLA-2953-1:551CB", "DEBIAN:DLA-3114-1:9A50E", "DEBIAN:DSA-5103-1:C47DD"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-2372", "DEBIANCVE:CVE-2021-2389", "DEBIANCVE:CVE-2021-35604", "DEBIANCVE:CVE-2021-46658", "DEBIANCVE:CVE-2021-46659", "DEBIANCVE:CVE-2021-46661", "DEBIANCVE:CVE-2021-46662", "DEBIANCVE:CVE-2021-46663", "DEBIANCVE:CVE-2021-46664", "DEBIANCVE:CVE-2021-46665", "DEBIANCVE:CVE-2021-46667", "DEBIANCVE:CVE-2021-46668", "DEBIANCVE:CVE-2021-46669", "DEBIANCVE:CVE-2022-0778", "DEBIANCVE:CVE-2022-24048", "DEBIANCVE:CVE-2022-24050", "DEBIANCVE:CVE-2022-24051", "DEBIANCVE:CVE-2022-24052", "DEBIANCVE:CVE-2022-27376", "DEBIANCVE:CVE-2022-27377", "DEBIANCVE:CVE-2022-27378", "DEBIANCVE:CVE-2022-27379", "DEBIANCVE:CVE-2022-27380", "DEBIANCVE:CVE-2022-27381", "DEBIANCVE:CVE-2022-27382", "DEBIANCVE:CVE-2022-27383", "DEBIANCVE:CVE-2022-27384", "DEBIANCVE:CVE-2022-27385", "DEBIANCVE:CVE-2022-27386", "DEBIANCVE:CVE-2022-27387", "DEBIANCVE:CVE-2022-27444", "DEBIANCVE:CVE-2022-27445", "DEBIANCVE:CVE-2022-27446", "DEBIANCVE:CVE-2022-27447", "DEBIANCVE:CVE-2022-27448", "DEBIANCVE:CVE-2022-27449", "DEBIANCVE:CVE-2022-27451", "DEBIANCVE:CVE-2022-27452", "DEBIANCVE:CVE-2022-27455", "DEBIANCVE:CVE-2022-27456", "DEBIANCVE:CVE-2022-27457", "DEBIANCVE:CVE-2022-27458", "DEBIANCVE:CVE-2022-31624", "DEBIANCVE:CVE-2022-32081", "DEBIANCVE:CVE-2022-32082", "DEBIANCVE:CVE-2022-32083", "DEBIANCVE:CVE-2022-32084", "DEBIANCVE:CVE-2022-32085", "DEBIANCVE:CVE-2022-32086", "DEBIANCVE:CVE-2022-32087", "DEBIANCVE:CVE-2022-32088", "DEBIANCVE:CVE-2022-32089"]}, {"type": "f5", "idList": ["F5:K31323265"]}, {"type": "fedora", "idList": ["FEDORA:0A8AA34B5326", "FEDORA:1FA373137B4C", "FEDORA:2CDB13057196", "FEDORA:2EC953058520", "FEDORA:301E530AF235", "FEDORA:30F643072EBA", "FEDORA:3660E30A2270", "FEDORA:5F19430AE6FD", "FEDORA:6EC9D33D7FE1", "FEDORA:71D86305857D", "FEDORA:75065309D300", "FEDORA:81628313BD04", "FEDORA:9A9A730B7020", "FEDORA:B2BC2313833A", "FEDORA:B75043084968", "FEDORA:B95F63083D20", "FEDORA:C2682313411C", "FEDORA:D41B8309CED6", "FEDORA:E79AF3084D1B", "FEDORA:F031530582BF", "FEDORA:F1385304C2C4"]}, {"type": "fortinet", "idList": ["FG-IR-21-116", "FG-IR-22-059"]}, {"type": "freebsd", "idList": ["04FECC47-DAD2-11EC-8FBD-D4C9EF517024", "27BF9378-8FFD-11EC-8BE6-D4C9EF517024", "36D10AF7-248D-11ED-856E-D4C9EF517024", "38A4A043-E937-11EB-9B84-D4C9EF517024", "ADD683BE-BD76-11EC-A06F-D4C9EF517024", "C9387E4D-2F5F-11EC-8BE6-D4C9EF517024", "EA05C456-A4FD-11EC-90DE-1C697AA5A594", "FF5606F7-8A45-11EC-8BE6-D4C9EF517024"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-22:03.OPENSSL"]}, {"type": "gentoo", "idList": ["GLSA-202210-02"]}, {"type": "github", "idList": ["GHSA-X3MH-JVJW-3XWX"]}, {"type": "githubexploit", "idList": ["0C866B2A-86E3-5C5A-AA62-622683A9A0DA", "215EF040-369B-5FBF-A9F5-F81833E29553", "2DA0FD9C-9E20-5C51-A357-EB46391407F7", "588C33E5-7CDF-5EC7-9294-74B308DC6535", "5ACB7D6C-CC90-52D8-BFB9-C783C3ACA5FA", "658B3734-0DA9-5332-A307-23C1967D9C0A"]}, {"type": "hivepro", "idList": ["HIVEPRO:9C6CEB2A89436A8E8258183E6D6830FB", "HIVEPRO:B772F2F7B4C9AE8452D1197E2E240204"]}, {"type": "ibm", "idList": ["022A2D60DD1C4A293CF52F8F73A53B3FC2E53AEC5EA7FFEDF9C4763EF2B5B80A", "0402EC8AB4EAC3CD4AE3D765E8C24F6683BD7CA1335A81B6D3B0950A4801A470", "091D253C3C5F4EDDB1A7482046BA793909C45D2702BF1CCF8D674C8DF0ACEA59", "0D85E5287523B83245752DC2E09287130E098DCDD6446DA2E1DF6BC26D74E767", "102DE7B07E2C763A08E3117F8BAFADC95832E666C453110C7D4275D703394EF5", "14108283F9157C4F2A38313CFBD3F47CFDC207CBE84809E04B7E197DA546B8D3", "19E6F6BF59A10C956F5C8D810D4B516674147E88F5FC3EC5B22031456700CB08", "1D375703477B8434B33880D4C2BC54C4F52207A530C550AD113F53DC33F805E9", "24D6B6BF7C1929D18570FC4893B61C1863403B6466BEC3BA72BBB217CAF54A1E", "28AF07FA415EFB4C0600E47198E77EFE267BF4907EB58703528CAAFC4FB07FDE", "2A7A7E36601C6E4D31E8BA0D7AAC60D5687103E89CE9D3C6A19F73E786347129", "2AD0AE0323037B0B0C26CD8A979BC7FE985F13BC496190D41AB05E59E9CEECFA", "32A60A9C1BA6A62100EB71CDFA36BDD4A97E492CAF4EC2F477EF0C0B4B0BBA9B", "364F8FB9BA353F400B4546D33999F70FA4F7E3F35D42B5932DC73C08163112D3", "3669E45D7FE2AA83192FF44FAA60FB349B5D39469F2B30F7D69463B2868B4908", "3D44B41FEB67A37C1F1602DF3E14EAB1A680D6DE2E68AAD59DBA34352E7EEAF6", "4395DB4E66F99889DAFD2A4877F5DD63D932E1BAF718AD9DFD8050BE89AE7B39", "4AD144393663479BB64C875B7B04C97712BE791D19F2EDC082CA6236DF4F9F71", "4C10A98BEE68D0B96F2823756EDF99AFABFD6558C7AACA794EB853BCFD69F5B6", "4C79E288BC340613D1B1B84DD16C4C5D8F508A64A400E10BDCB88A06FA574EDF", "50D6AB8BFC4B38B3B5A2A79B2815AA71FB82CF937CA979BCACDDD58A775A78E4", "5BE52962678849208DBB78075A36D8D5B485DEC707628BB3A9D37D4AA01BC678", "5F3C4B37776986C5B6E57B0D357C4691B07BBE4E0615968E249EC3225A3DAC12", "5F4A0C2884928132058FB1F6A2A491E93E6AD59F7652C09398215C3B1702DA1D", "6137CA688C891413F0689149C983EA31FBA87F4C104EEF74658D6F747C2CE707", "6276DBA59ED42176EC7E2927F0A75BDBAC09FF340317BE665F741C4CDC851A7B", "6386F8948DEE250045178259A022D70BD9E8E6003BDBD116F95FAADC25DB23C2", "677B50D118494C17178E83DB6E0C50351EE6636792748E40043E3B9FBFAD274E", "6B8C4F1A97615E6082C77CCC32E2CA9FFEC8B33076BF16660A90C0EA6B436DA5", "6CAE2D44529EB3ACB88F1CD69BAC17D0CEAF1019A014DB789505665B46AF09B8", "6D2D8D71D69D8461F2745DEFFD034354BC044D7FD0B5D5FBFE539BAF7E45610E", "71ACC821294C80E8F3B99B72E48078130FBD6C877B71E1CB158D6280A8292D99", "742165674E677DC9026C3F2D2245AFC118A59A752987D90E7AA7D17B911AC473", "7A2AB93E7F0DDAB709E04C2A3083F01A78EB3403F2956781D7C650C866D62D59", "7DE31DC20B322964CB6C48106E631D9D14B3967BD45EF2F7D2C8FA587E1AB212", "8107BB155AFB4DEF24A8F7E9A5B84FB121DF87688100C00C435732A2636A741D", "817B7FFB07801BE45BBA7907DB38E30FA02DAEC38ABDAC204FD15158D630635A", "8BA9843CD049A6B3B2568D750B3B848AF7F394867B3914172C3057506982747A", "9571CC4C328FC49BDE460E3DDB8089A16540E8193A13ACAE69B87BCD550C3EF1", "96080ECFBE42CEF2D63B1341838131BE1CCC2B5F08130E2F678CCDCE13FAE376", "98283CFA95F6BF8734797F60CE0F1633CDE2F2CFE8B1C29D35562086E63F1486", "995F5E76978D4608B874A2D971B720695F0E88D78837491A71B32497C4E691FF", "9ADBDDE58661CDBE895EF30C5FC7969CE502BC90E9C6CAA210F0E36F82C8B330", "9BA7990CC3D9C20113440CD1A4AB058DB6D9EBA8AD303D4021A3D4CAAE12DDA9", "9BDA6E33706D0CA5C43FCD01EF51E48EB25CD2D133A018AEDB2FE563EC3BD7DC", "9C01855DE792DB516073FE7D57766225D3D1F4F50386D124FC6880AE615E0F6A", "A5BA8A613951DB71615997A50576EA856CF6F241F65D49864518CC076EDA448D", "A5D273C4869530B1BDDB415E45BEC7D916490C3278ABAC423D76AA509827EAA0", "A654DFD6FE6FCF2884AC0707849B43D4C36CBD6723597614360CB1EFD332EC39", "A6D737ADE03B032A42291D50B5DFC8276AA6AB0C24E9163A9958098D0E9747B6", "A6F462701244F836D2D7588BFFF3403D267FCB32C8E237B2D6148230FB181334", "A88A9645C8F75892D90D8542DC9FBE5895FAA1BF48BAF9F16E2A36E690C7A8F5", "AD86702782A27B125C52925B01186F115FDFFD74D9D5E408D9B6FF77D740FAF6", "BEE498D64CA2EADF926E0FE823248FE0159CFE6EC6405F64A375B2DE213482D4", "C0C635C3D1BDFFF4279719843730FED33753DFD9A52C5B43AE4A48433A539739", "C815D5BA0527F8CF454767B7D16A6B819AF9B998FAC3AFC2A63E79F6A57AD83A", "C9A62458FFCDA7D13068BA51A14F3364875030AD9E3379B54C1EB8EAA4DD8D49", "CA6E62CB32AA91296638D9DAB5072711CB69A35615F7FC69D8B55BD25BE71F67", "CD40DD149C78115FC5E14131A8469B7F2D7DDB0549913613CBD15A792ECBBE37", "CE17FB486A383FDA7CA58E6E9EBC670CBD8C99F75AB7AAF454F6CC73755CB8C6", "CEF374057D7807F5D35968E4C55414081A5A0BD61843509DA73FCFE986EFFD24", "D0E566D5A2464D34F4017949740F4817E6C3F9CBFA45AD07C85A6B212CC3C14B", "D1D43CB4C651EC344A506E76FAFAC5A1C0BA2618CF89E0668701D13B96168171", "DDD4AB992BDFCF47B1C63583774DFCACB217D68082641AA2E66EEFE336297568", "DF4E13C85EACFEE2051B7981ADDB31432F47A19BDF5522096B79CAE0037CA8D9", "F022B1455D4614E425E2D78BC02FFB6A7F2D5B177BF3F93F521E8EFBA5BEE1DE", "F117DBDFED6B212106F9E2337E83226A94DDA2D7BE2380A5E5AACD18D954EB5B", "F3F852CA57F1D635AD9D70D1C461917BDB89BE30E041807BC8773FD8BCD92529", "FC67824EDEA7266EC4ACC4A9FF987D99A6B7A246B5DEA115F33425EDCEE6D155"]}, {"type": "ics", "idList": ["ICSA-22-132-02", "ICSA-22-167-14", "ICSA-22-221-01", "ICSA-22-221-01-0", "ICSA-22-272-02", "ICSA-23-059-01", "ICSA-23-143-02"]}, {"type": "mageia", "idList": ["MGASA-2021-0402", "MGASA-2021-0536", "MGASA-2022-0070", "MGASA-2022-0113", "MGASA-2022-0215", "MGASA-2022-0314"]}, {"type": "mariadbunix", "idList": ["MARIA:CVE-2021-2372", "MARIA:CVE-2021-2389", "MARIA:CVE-2021-35604", "MARIA:CVE-2021-46658", "MARIA:CVE-2021-46659", "MARIA:CVE-2021-46661", "MARIA:CVE-2021-46662", "MARIA:CVE-2021-46663", "MARIA:CVE-2021-46664", "MARIA:CVE-2021-46665", "MARIA:CVE-2021-46667", "MARIA:CVE-2021-46668", "MARIA:CVE-2021-46669", "MARIA:CVE-2022-0778", "MARIA:CVE-2022-24048", "MARIA:CVE-2022-24050", "MARIA:CVE-2022-24051", "MARIA:CVE-2022-24052", "MARIA:CVE-2022-27376", "MARIA:CVE-2022-27377", "MARIA:CVE-2022-27378", "MARIA:CVE-2022-27379", "MARIA:CVE-2022-27380", "MARIA:CVE-2022-27381", "MARIA:CVE-2022-27382", "MARIA:CVE-2022-27383", "MARIA:CVE-2022-27384", "MARIA:CVE-2022-27385", "MARIA:CVE-2022-27386", "MARIA:CVE-2022-27387", "MARIA:CVE-2022-27444", "MARIA:CVE-2022-27445", "MARIA:CVE-2022-27446", "MARIA:CVE-2022-27447", "MARIA:CVE-2022-27448", "MARIA:CVE-2022-27449", "MARIA:CVE-2022-27451", "MARIA:CVE-2022-27452", "MARIA:CVE-2022-27455", "MARIA:CVE-2022-27456", "MARIA:CVE-2022-27457", "MARIA:CVE-2022-27458", "MARIA:CVE-2022-31624", "MARIA:CVE-2022-32081", "MARIA:CVE-2022-32082", "MARIA:CVE-2022-32083", "MARIA:CVE-2022-32084", "MARIA:CVE-2022-32085", "MARIA:CVE-2022-32086", "MARIA:CVE-2022-32087", "MARIA:CVE-2022-32088", "MARIA:CVE-2022-32089", "MARIA:USN-5739-1"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-041.NASL", "AL2022_ALAS2022-2022-069.NASL", "AL2022_ALAS2022-2022-096.NASL", "AL2022_ALAS2022-2022-182.NASL", "AL2022_ALAS2022-2022-195.NASL", "AL2022_ALAS2022-2022-245.NASL", "AL2023_ALAS2023-2023-051.NASL", "AL2_ALAS-2022-1766.NASL", "AL2_ALAS-2023-2057.NASL", "AL2_ALASNITRO-ENCLAVES-2022-018.NASL", "ALA_ALAS-2021-1544.NASL", "ALA_ALAS-2022-1575.NASL", "ALMA_LINUX_ALSA-2022-4899.NASL", "ALMA_LINUX_ALSA-2022-5326.NASL", "ALMA_LINUX_ALSA-2022-5826.NASL", "ALMA_LINUX_ALSA-2022-5948.NASL", "ALMA_LINUX_ALSA-2022-6443.NASL", "ALMA_LINUX_ALSA-2022-7119.NASL", "ALMA_LINUX_ALSA-2023-5259.NASL", "CENTOS8_RHSA-2021-3590.NASL", "CENTOS8_RHSA-2022-1557.NASL", "CENTOS8_RHSA-2022-5826.NASL", "CENTOS8_RHSA-2022-7119.NASL", "CENTOS_RHSA-2022-1066.NASL", "DEBIAN_DLA-2952.NASL", "DEBIAN_DLA-2953.NASL", "DEBIAN_DLA-3114.NASL", "DEBIAN_DSA-5103.NASL", "DELL_POWERVAULT_ME5_DSA-2023-083.NASL", "DELL_WYSE_MANAGEMENT_SUITE_DSA-2022-098.NASL", "DRAC_DSA-2022-154_2_83_83_83_5_10_30_00.NASL", "EULEROS_SA-2022-1543.NASL", "EULEROS_SA-2022-1545.NASL", "EULEROS_SA-2022-1546.NASL", "EULEROS_SA-2022-1547.NASL", "EULEROS_SA-2022-1559.NASL", "EULEROS_SA-2022-1575.NASL", "EULEROS_SA-2022-1578.NASL", "EULEROS_SA-2022-1746.NASL", "EULEROS_SA-2022-1753.NASL", "EULEROS_SA-2022-1754.NASL", "EULEROS_SA-2022-1795.NASL", "EULEROS_SA-2022-1812.NASL", "EULEROS_SA-2022-1849.NASL", "EULEROS_SA-2022-1853.NASL", "EULEROS_SA-2022-1873.NASL", "EULEROS_SA-2022-1877.NASL", "EULEROS_SA-2022-1939.NASL", "EULEROS_SA-2022-2032.NASL", "EULEROS_SA-2022-2060.NASL", "EULEROS_SA-2022-2186.NASL", "EULEROS_SA-2022-2190.NASL", "EULEROS_SA-2022-2205.NASL", "EULEROS_SA-2022-2209.NASL", "EULEROS_SA-2022-2227.NASL", "EULEROS_SA-2022-2275.NASL", "EULEROS_SA-2022-2473.NASL", "EULEROS_SA-2022-2518.NASL", "EULEROS_SA-2022-2525.NASL", "EULEROS_SA-2022-2526.NASL", "EULEROS_SA-2022-2549.NASL", "EULEROS_SA-2022-2573.NASL", "EULEROS_SA-2022-2578.NASL", "EULEROS_SA-2022-2624.NASL", "EULEROS_SA-2022-2831.NASL", "EULEROS_SA-2022-2852.NASL", "EULEROS_SA-2022-2857.NASL", "EULEROS_SA-2023-1052.NASL", "EULEROS_SA-2023-1068.NASL", "EULEROS_SA-2023-1071.NASL", "EULEROS_SA-2023-1155.NASL", "EULEROS_SA-2023-1176.NASL", "EULEROS_SA-2023-1274.NASL", "EULEROS_SA-2023-1281.NASL", "EULEROS_SA-2023-1327.NASL", "EULEROS_SA-2023-1704.NASL", "EULEROS_SA-2023-1748.NASL", "EULEROS_SA-2023-2226.NASL", "F5_BIGIP_SOL31323265.NASL", "FEDORA_2022-333DF1C4AA.NASL", "FEDORA_2022-CF88F807F9.NASL", "FREEBSD_PKG_04FECC47DAD211EC8FBDD4C9EF517024.NASL", "FREEBSD_PKG_27BF93788FFD11EC8BE6D4C9EF517024.NASL", "FREEBSD_PKG_36D10AF7248D11ED856ED4C9EF517024.NASL", "FREEBSD_PKG_38A4A043E93711EB9B84D4C9EF517024.NASL", "FREEBSD_PKG_EA05C456A4FD11EC90DE1C697AA5A594.NASL", "FREEBSD_PKG_FF5606F78A4511EC8BE6D4C9EF517024.NASL", "GENTOO_GLSA-202210-02.NASL", "JUNIPER_JSA70180.NASL", "JUNIPER_JSA70186.NASL", "MACOS_HT213255.NASL", "MACOS_HT213256.NASL", "MACOS_HT213257.NASL", "MARIADB_10_2_39.NASL", "MARIADB_10_2_40.NASL", "MARIADB_10_2_41.NASL", "MARIADB_10_2_42.NASL", "MARIADB_10_2_43.NASL", "MARIADB_10_2_44.NASL", "MARIADB_10_3_30.NASL", "MARIADB_10_3_31.NASL", "MARIADB_10_3_32.NASL", "MARIADB_10_3_33.NASL", "MARIADB_10_3_34.NASL", "MARIADB_10_3_35.NASL", "MARIADB_10_3_36.NASL", "MARIADB_10_4_20.NASL", "MARIADB_10_4_21.NASL", "MARIADB_10_4_22.NASL", "MARIADB_10_4_23.NASL", "MARIADB_10_4_24.NASL", "MARIADB_10_4_25.NASL", "MARIADB_10_4_26.NASL", "MARIADB_10_5_11.NASL", "MARIADB_10_5_12.NASL", "MARIADB_10_5_13.NASL", "MARIADB_10_5_14.NASL", "MARIADB_10_5_15.NASL", "MARIADB_10_5_16.NASL", "MARIADB_10_5_17.NASL", "MARIADB_10_6_3.NASL", "MARIADB_10_6_4.NASL", "MARIADB_10_6_5.NASL", "MARIADB_10_6_6.NASL", "MARIADB_10_6_7.NASL", "MARIADB_10_6_8.NASL", "MARIADB_10_6_9.NASL", "MARIADB_10_7_2.NASL", "MARIADB_10_7_3.NASL", "MARIADB_10_7_4.NASL", "MARIADB_10_7_5.NASL", "MARIADB_10_8_1.NASL", "MARIADB_10_8_4.NASL", "MARIADB_10_9_2.NASL", "MARINER_MARIADB_CVE-2022-27376.NASL", "MARINER_MARIADB_CVE-2022-27377.NASL", "MARINER_MARIADB_CVE-2022-27378.NASL", "MARINER_MARIADB_CVE-2022-27379.NASL", "MARINER_MARIADB_CVE-2022-27380.NASL", "MARINER_MARIADB_CVE-2022-27381.NASL", "MARINER_MARIADB_CVE-2022-27382.NASL", "MARINER_MARIADB_CVE-2022-27383.NASL", "MARINER_MARIADB_CVE-2022-27384.NASL", "MARINER_MARIADB_CVE-2022-27385.NASL", "MARINER_MARIADB_CVE-2022-27386.NASL", "MARINER_MARIADB_CVE-2022-27387.NASL", "MARINER_MARIADB_CVE-2022-27444.NASL", "MARINER_MARIADB_CVE-2022-27445.NASL", "MARINER_MARIADB_CVE-2022-27446.NASL", "MARINER_MARIADB_CVE-2022-27447.NASL", "MARINER_MARIADB_CVE-2022-27448.NASL", "MARINER_MARIADB_CVE-2022-27449.NASL", "MARINER_MARIADB_CVE-2022-27451.NASL", "MARINER_MARIADB_CVE-2022-27452.NASL", "MARINER_MARIADB_CVE-2022-27456.NASL", "MARINER_MARIADB_CVE-2022-27457.NASL", "MARINER_MARIADB_CVE-2022-27458.NASL", "MARINER_MARIADB_CVE-2022-31624.NASL", "MYSQL_5_7_35.NASL", "MYSQL_5_7_36.NASL", "MYSQL_5_7_38.NASL", "MYSQL_8_0_26.NASL", "MYSQL_8_0_27.NASL", "MYSQL_8_0_29.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_30.NASL", "NESSUS_TNS_2022_06.NASL", "NEWSTART_CGSL_NS-SA-2022-0076_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2022-0096_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2023-0025_OPENSSL.NASL", "NNM_6_0_1.NASL", "NUTANIX_NXSA-AHV-20201105_2286.NASL", "NUTANIX_NXSA-AHV-20201105_30398.NASL", "NUTANIX_NXSA-AHV-20220304_10013.NASL", "NUTANIX_NXSA-AHV-20220304_242.NASL", "NUTANIX_NXSA-AHV-20230302_207.NASL", "NUTANIX_NXSA-AOS-5_20_3_6.NASL", "NUTANIX_NXSA-AOS-5_20_4.NASL", "NUTANIX_NXSA-AOS-5_20_5.NASL", "NUTANIX_NXSA-AOS-6_1_1.NASL", "NUTANIX_NXSA-AOS-6_6.NASL", "OPENSSL_1_0_2ZD.NASL", "OPENSSL_1_1_1N.NASL", "OPENSSL_3_0_2.NASL", "OPENSUSE-2021-2835.NASL", "OPENSUSE-2021-2837.NASL", "OPENSUSE-2021-2939.NASL", "OPENSUSE-2021-3835.NASL", "OPENSUSE-2022-0731-1.NASL", "OPENSUSE-2022-0856-1.NASL", "ORACLELINUX_ELSA-2021-3590.NASL", "ORACLELINUX_ELSA-2022-1065.NASL", "ORACLELINUX_ELSA-2022-1066.NASL", "ORACLELINUX_ELSA-2022-1556.NASL", "ORACLELINUX_ELSA-2022-1557.NASL", "ORACLELINUX_ELSA-2022-4899.NASL", "ORACLELINUX_ELSA-2022-5326.NASL", "ORACLELINUX_ELSA-2022-5826.NASL", "ORACLELINUX_ELSA-2022-5948.NASL", "ORACLELINUX_ELSA-2022-6443.NASL", "ORACLELINUX_ELSA-2022-7119.NASL", "ORACLELINUX_ELSA-2022-9224.NASL", "ORACLELINUX_ELSA-2022-9225.NASL", "ORACLELINUX_ELSA-2022-9233.NASL", "ORACLELINUX_ELSA-2022-9237.NASL", "ORACLELINUX_ELSA-2022-9243.NASL", "ORACLELINUX_ELSA-2022-9246.NASL", "ORACLELINUX_ELSA-2022-9249.NASL", "ORACLELINUX_ELSA-2022-9255.NASL", "ORACLELINUX_ELSA-2022-9258.NASL", "ORACLELINUX_ELSA-2022-9272.NASL", "ORACLELINUX_ELSA-2023-5259.NASL", "ORACLE_MYSQL_CONNECTORS_CPU_APR_2022.NASL", "ORACLE_MYSQL_WORKBENCH_8_0_29.NASL", "PALO_ALTO_CVE-2022-0778.NASL", "PALO_ALTO_GLOBALPROTECT_AGENT_CVE-2022-0778.NASL", "REDHAT-RHSA-2021-3590.NASL", "REDHAT-RHSA-2021-3811.NASL", "REDHAT-RHSA-2022-1007.NASL", "REDHAT-RHSA-2022-1010.NASL", "REDHAT-RHSA-2022-1065.NASL", "REDHAT-RHSA-2022-1066.NASL", "REDHAT-RHSA-2022-1071.NASL", "REDHAT-RHSA-2022-1073.NASL", "REDHAT-RHSA-2022-1076.NASL", "REDHAT-RHSA-2022-1077.NASL", "REDHAT-RHSA-2022-1078.NASL", "REDHAT-RHSA-2022-1082.NASL", "REDHAT-RHSA-2022-1091.NASL", "REDHAT-RHSA-2022-1112.NASL", "REDHAT-RHSA-2022-1263.NASL", "REDHAT-RHSA-2022-1389.NASL", "REDHAT-RHSA-2022-1519.NASL", "REDHAT-RHSA-2022-1556.NASL", "REDHAT-RHSA-2022-1557.NASL", "REDHAT-RHSA-2022-4818.NASL", "REDHAT-RHSA-2022-4896.NASL", "REDHAT-RHSA-2022-4899.NASL", "REDHAT-RHSA-2022-5326.NASL", "REDHAT-RHSA-2022-5759.NASL", "REDHAT-RHSA-2022-5826.NASL", "REDHAT-RHSA-2022-5948.NASL", "REDHAT-RHSA-2022-6306.NASL", "REDHAT-RHSA-2022-6443.NASL", "REDHAT-RHSA-2022-6518.NASL", "REDHAT-RHSA-2022-7119.NASL", "REDHAT-RHSA-2023-5259.NASL", "ROCKY_LINUX_RLSA-2022-1065.NASL", "SECURITYCENTER_5_21_0_TNS_2022_04_1.NASL", "SLACKWARE_SSA_2022-044-01.NASL", "SLACKWARE_SSA_2022-076-02.NASL", "SLACKWARE_SSA_2022-141-01.NASL", "SLACKWARE_SSA_2022-228-01.NASL", "SUSE_SU-2021-2835-1.NASL", "SUSE_SU-2021-2837-1.NASL", "SUSE_SU-2021-2939-1.NASL", "SUSE_SU-2021-3008-1.NASL", "SUSE_SU-2021-3835-1.NASL", "SUSE_SU-2021-3836-1.NASL", "SUSE_SU-2021-3948-1.NASL", "SUSE_SU-2021-4202-1.NASL", "SUSE_SU-2022-0725-1.NASL", "SUSE_SU-2022-0726-1.NASL", "SUSE_SU-2022-0731-1.NASL", "SUSE_SU-2022-0731-2.NASL", "SUSE_SU-2022-0782-1.NASL", "SUSE_SU-2022-0851-1.NASL", "SUSE_SU-2022-0853-1.NASL", "SUSE_SU-2022-0854-1.NASL", "SUSE_SU-2022-0856-1.NASL", "SUSE_SU-2022-0857-1.NASL", "SUSE_SU-2022-0859-1.NASL", "SUSE_SU-2022-0860-1.NASL", "SUSE_SU-2022-0935-1.NASL", "SUSE_SU-2022-1459-1.NASL", "SUSE_SU-2022-1461-1.NASL", "SUSE_SU-2022-1462-1.NASL", "SUSE_SU-2022-14915-1.NASL", "SUSE_SU-2022-14916-1.NASL", "SUSE_SU-2022-2003-1.NASL", "SUSE_SU-2022-2107-1.NASL", "SUSE_SU-2022-2160-1.NASL", "SUSE_SU-2022-2189-1.NASL", "SUSE_SU-2022-2561-1.NASL", "SUSE_SU-2022-3159-1.NASL", "SUSE_SU-2022-3225-1.NASL", "SUSE_SU-2022-3391-1.NASL", "SUSE_SU-2023-2835-1.NASL", "SUSE_SU-2023-3174-1.NASL", "TENABLE_NESSUS_AGENT_TNS-2022-07.NASL", "UBUNTU_USN-5022-1.NASL", "UBUNTU_USN-5022-2.NASL", "UBUNTU_USN-5022-3.NASL", "UBUNTU_USN-5123-1.NASL", "UBUNTU_USN-5123-2.NASL", "UBUNTU_USN-5170-1.NASL", "UBUNTU_USN-5305-1.NASL", "UBUNTU_USN-5328-1.NASL", "UBUNTU_USN-5328-2.NASL", "UBUNTU_USN-5739-1.NASL"]}, {"type": "nodejsblog", "idList": ["NODEJSBLOG:MAR-2022-SECURITY-RELEASES"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2022-0778"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2022", "ORACLE:CPUJUL2021", "ORACLE:CPUJUL2022", "ORACLE:CPUOCT2021", "ORACLE:CPUOCT2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-3590", "ELSA-2022-1065", "ELSA-2022-1066", "ELSA-2022-1556", "ELSA-2022-1557", "ELSA-2022-4899", "ELSA-2022-5326", "ELSA-2022-5826", "ELSA-2022-5948", "ELSA-2022-6443", "ELSA-2022-7119", "ELSA-2022-9224", "ELSA-2022-9225", "ELSA-2022-9233", "ELSA-2022-9237", "ELSA-2022-9243", "ELSA-2022-9246", "ELSA-2022-9249", "ELSA-2022-9255", "ELSA-2022-9258", "ELSA-2022-9272"]}, {"type": "osv", "idList": ["OSV:CVE-2021-2372", "OSV:CVE-2022-0778", "OSV:CVE-2022-27377", "OSV:CVE-2022-27378", "OSV:CVE-2022-27379", "OSV:CVE-2022-27380", "OSV:CVE-2022-27447", "OSV:CVE-2022-27448", "OSV:CVE-2022-27449", "OSV:CVE-2022-27456", "OSV:CVE-2022-27458", "OSV:CVE-2022-31624", "OSV:CVE-2022-32081", "OSV:CVE-2022-32082", "OSV:CVE-2022-32084", "OSV:CVE-2022-32089", "OSV:DLA-2953-1", "OSV:DLA-3114-1", "OSV:GHSA-X3MH-JVJW-3XWX", "OSV:RUSTSEC-2022-0014"]}, {"type": "paloalto", "idList": ["PA-CVE-2022-0778"]}, {"type": "photon", "idList": ["PHSA-2022-0162", "PHSA-2022-0361", "PHSA-2022-0367", "PHSA-2022-0373", "PHSA-2022-0375", "PHSA-2022-0399", "PHSA-2022-0439", "PHSA-2022-0447", "PHSA-2022-0452", "PHSA-2022-0469", "PHSA-2022-0476", "PHSA-2022-0479", "PHSA-2022-0515", "PHSA-2022-3.0-0361", "PHSA-2022-3.0-0367", "PHSA-2022-3.0-0373", "PHSA-2022-3.0-0375", "PHSA-2022-3.0-0399", "PHSA-2022-4.0-0162"]}, {"type": "prion", "idList": ["PRION:CVE-2021-2372", "PRION:CVE-2021-2389", "PRION:CVE-2021-35604", "PRION:CVE-2021-46658", "PRION:CVE-2021-46659", "PRION:CVE-2021-46661", "PRION:CVE-2021-46662", "PRION:CVE-2021-46663", "PRION:CVE-2021-46664", "PRION:CVE-2021-46665", "PRION:CVE-2021-46667", "PRION:CVE-2021-46668", "PRION:CVE-2021-46669", "PRION:CVE-2022-0778", "PRION:CVE-2022-24048", "PRION:CVE-2022-24050", "PRION:CVE-2022-24051", "PRION:CVE-2022-24052", "PRION:CVE-2022-27376", "PRION:CVE-2022-27377", "PRION:CVE-2022-27378", "PRION:CVE-2022-27379", "PRION:CVE-2022-27380", "PRION:CVE-2022-27381", "PRION:CVE-2022-27382", "PRION:CVE-2022-27383", "PRION:CVE-2022-27384", "PRION:CVE-2022-27385", "PRION:CVE-2022-27386", "PRION:CVE-2022-27387", "PRION:CVE-2022-27444", "PRION:CVE-2022-27445", "PRION:CVE-2022-27446", "PRION:CVE-2022-27447", "PRION:CVE-2022-27448", "PRION:CVE-2022-27449", "PRION:CVE-2022-27451", "PRION:CVE-2022-27452", "PRION:CVE-2022-27455", "PRION:CVE-2022-27456", "PRION:CVE-2022-27457", "PRION:CVE-2022-27458", "PRION:CVE-2022-31624", "PRION:CVE-2022-32081", "PRION:CVE-2022-32082", "PRION:CVE-2022-32083", "PRION:CVE-2022-32084", "PRION:CVE-2022-32085", "PRION:CVE-2022-32086", "PRION:CVE-2022-32087", "PRION:CVE-2022-32088", "PRION:CVE-2022-32089"]}, {"type": "redhat", "idList": ["RHSA-2021:3590", "RHSA-2021:3811", "RHSA-2022:1007", "RHSA-2022:1010", "RHSA-2022:1065", "RHSA-2022:1066", "RHSA-2022:1071", "RHSA-2022:1073", "RHSA-2022:1076", "RHSA-2022:1077", "RHSA-2022:1078", "RHSA-2022:1082", "RHSA-2022:1091", "RHSA-2022:1112", "RHSA-2022:1263", "RHSA-2022:1356", "RHSA-2022:1357", "RHSA-2022:1363", "RHSA-2022:1370", "RHSA-2022:1389", "RHSA-2022:1390", "RHSA-2022:1396", "RHSA-2022:1476", "RHSA-2022:1519", "RHSA-2022:1520", "RHSA-2022:1556", "RHSA-2022:1557", "RHSA-2022:1622", "RHSA-2022:1734", "RHSA-2022:1739", "RHSA-2022:1747", "RHSA-2022:2216", "RHSA-2022:2217", "RHSA-2022:2218", "RHSA-2022:4668", "RHSA-2022:4690", "RHSA-2022:4818", "RHSA-2022:4896", "RHSA-2022:4899", "RHSA-2022:4956", "RHSA-2022:5069", "RHSA-2022:5070", "RHSA-2022:5132", "RHSA-2022:5326", "RHSA-2022:5759", "RHSA-2022:5826", "RHSA-2022:5840", "RHSA-2022:5924", "RHSA-2022:5948", "RHSA-2022:6306", "RHSA-2022:6443", "RHSA-2022:6518", "RHSA-2022:6526", "RHSA-2022:7119", "RHSA-2023:5259"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-2372", "RH:CVE-2021-2389", "RH:CVE-2021-35604", "RH:CVE-2021-46658", "RH:CVE-2021-46659", "RH:CVE-2021-46661", "RH:CVE-2021-46662", "RH:CVE-2021-46663", "RH:CVE-2021-46664", "RH:CVE-2021-46665", "RH:CVE-2021-46667", "RH:CVE-2021-46668", "RH:CVE-2021-46669", "RH:CVE-2022-0778", "RH:CVE-2022-24048", "RH:CVE-2022-24050", "RH:CVE-2022-24051", "RH:CVE-2022-24052", "RH:CVE-2022-27376", "RH:CVE-2022-27377", "RH:CVE-2022-27378", "RH:CVE-2022-27379", "RH:CVE-2022-27380", "RH:CVE-2022-27381", "RH:CVE-2022-27382", "RH:CVE-2022-27383", "RH:CVE-2022-27384", "RH:CVE-2022-27385", "RH:CVE-2022-27386", "RH:CVE-2022-27387", "RH:CVE-2022-27444", "RH:CVE-2022-27445", "RH:CVE-2022-27446", "RH:CVE-2022-27447", "RH:CVE-2022-27448", "RH:CVE-2022-27449", "RH:CVE-2022-27451", "RH:CVE-2022-27452", "RH:CVE-2022-27455", "RH:CVE-2022-27456", "RH:CVE-2022-27457", "RH:CVE-2022-27458", "RH:CVE-2022-31624", "RH:CVE-2022-32081", "RH:CVE-2022-32082", "RH:CVE-2022-32083", "RH:CVE-2022-32084", "RH:CVE-2022-32085", "RH:CVE-2022-32086", "RH:CVE-2022-32087", "RH:CVE-2022-32088", "RH:CVE-2022-32089"]}, {"type": "redos", "idList": ["ROS-20220217-01", "ROS-20220318-02"]}, {"type": "rocky", "idList": ["RLSA-2021:3590", "RLSA-2022:1065", "RLSA-2022:1556", "RLSA-2022:1557", "RLSA-2022:4899", "RLSA-2022:5326", "RLSA-2022:5826", "RLSA-2022:5948", "RLSA-2022:6443", "RLSA-2022:7119"]}, {"type": "rosalinux", "idList": ["ROSA-SA-2023-2211"]}, {"type": "rustsec", "idList": ["RUSTSEC-2022-0014"]}, {"type": "slackware", "idList": ["SSA-2022-044-01", "SSA-2022-076-02", "SSA-2022-141-01", "SSA-2022-228-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:2835-1", "OPENSUSE-SU-2021:2837-1", "OPENSUSE-SU-2021:2939-1", "OPENSUSE-SU-2021:3835-1", "OPENSUSE-SU-2022:0725-1", "OPENSUSE-SU-2022:0726-1", "OPENSUSE-SU-2022:0731-1", "OPENSUSE-SU-2022:0856-1", "SUSE-SU-2022:0731-2", "SUSE-SU-2022:1461-1", "SUSE-SU-2022:1462-1", "SUSE-SU-2022:2003-1", "SUSE-SU-2022:2107-1", "SUSE-SU-2022:2561-1", "SUSE-SU-2022:3159-1", "SUSE-SU-2022:3391-1"]}, {"type": "thn", "idList": ["THN:4CD6AEBFF705DD178769DA927390CFFD", "THN:8198C407B889F0B459BC5B078A2D620C", "THN:B878F356832352DE3255B00CFB12A5B7"]}, {"type": "threatpost", "idList": ["THREATPOST:4C9E0FFA5C914E395A66D2DC65B16649"]}, {"type": "ubuntu", "idList": ["USN-5022-1", "USN-5022-2", "USN-5022-3", "USN-5123-1", "USN-5123-2", "USN-5170-1", "USN-5305-1", "USN-5328-1", "USN-5328-2", "USN-5739-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-2372", "UB:CVE-2021-2389", "UB:CVE-2021-35604", "UB:CVE-2021-46658", "UB:CVE-2021-46659", "UB:CVE-2021-46661", "UB:CVE-2021-46662", "UB:CVE-2021-46663", "UB:CVE-2021-46664", "UB:CVE-2021-46665", "UB:CVE-2021-46667", "UB:CVE-2021-46668", "UB:CVE-2021-46669", "UB:CVE-2022-0778", "UB:CVE-2022-24048", "UB:CVE-2022-24050", "UB:CVE-2022-24051", "UB:CVE-2022-24052", "UB:CVE-2022-27376", "UB:CVE-2022-27377", "UB:CVE-2022-27378", "UB:CVE-2022-27379", "UB:CVE-2022-27380", "UB:CVE-2022-27381", "UB:CVE-2022-27382", "UB:CVE-2022-27383", "UB:CVE-2022-27384", "UB:CVE-2022-27385", "UB:CVE-2022-27386", "UB:CVE-2022-27387", "UB:CVE-2022-27444", "UB:CVE-2022-27445", "UB:CVE-2022-27446", "UB:CVE-2022-27447", "UB:CVE-2022-27448", "UB:CVE-2022-27449", "UB:CVE-2022-27451", "UB:CVE-2022-27452", "UB:CVE-2022-27455", "UB:CVE-2022-27456", "UB:CVE-2022-27457", "UB:CVE-2022-27458", "UB:CVE-2022-31624", "UB:CVE-2022-32081", "UB:CVE-2022-32082", "UB:CVE-2022-32083", "UB:CVE-2022-32084", "UB:CVE-2022-32085", "UB:CVE-2022-32086", "UB:CVE-2022-32087", "UB:CVE-2022-32088", "UB:CVE-2022-32089"]}, {"type": "veracode", "idList": ["VERACODE:31536", "VERACODE:31537", "VERACODE:32956", "VERACODE:34716", "VERACODE:34741", "VERACODE:34742", "VERACODE:34743", "VERACODE:34744", "VERACODE:34745", "VERACODE:34746", "VERACODE:34747", "VERACODE:34748", "VERACODE:34750", "VERACODE:34751", "VERACODE:34752", "VERACODE:34753", "VERACODE:35681", "VERACODE:35682", "VERACODE:35683", "VERACODE:35684", "VERACODE:35685", "VERACODE:35686", "VERACODE:35689", "VERACODE:35693", "VERACODE:35694", "VERACODE:35697", "VERACODE:35698", "VERACODE:35699", "VERACODE:35723", "VERACODE:35724", "VERACODE:35725", "VERACODE:35726", "VERACODE:35727", "VERACODE:35728", "VERACODE:35729", "VERACODE:35730", "VERACODE:35731", "VERACODE:35732", "VERACODE:35733", "VERACODE:35823", "VERACODE:35865", "VERACODE:36080", "VERACODE:36818", "VERACODE:36819", "VERACODE:36820", "VERACODE:36821", "VERACODE:37409"]}, {"type": "zdi", "idList": ["ZDI-21-880", "ZDI-22-318", "ZDI-22-363", "ZDI-22-364", "ZDI-22-365", "ZDI-22-366", "ZDI-22-367", "ZDI-22-368"]}]}, "epss": [{"cve": "CVE-2021-2372", "epss": 0.00153, "percentile": 0.50158, "modified": "2023-05-01"}, {"cve": "CVE-2021-2389", "epss": 0.11296, "percentile": 0.94311, "modified": "2023-05-01"}, {"cve": "CVE-2021-35604", "epss": 0.00074, "percentile": 0.30259, "modified": "2023-05-02"}, {"cve": "CVE-2021-46658", "epss": 0.00042, "percentile": 0.05657, "modified": "2023-05-01"}, {"cve": "CVE-2021-46659", "epss": 0.00042, "percentile": 0.05727, "modified": "2023-05-02"}, {"cve": "CVE-2021-46661", "epss": 0.00042, "percentile": 0.05727, "modified": "2023-05-02"}, {"cve": "CVE-2021-46662", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2021-46663", "epss": 0.00042, "percentile": 0.05727, "modified": "2023-05-02"}, {"cve": "CVE-2021-46664", "epss": 0.00042, "percentile": 0.05727, "modified": "2023-05-02"}, {"cve": "CVE-2021-46665", "epss": 0.00042, "percentile": 0.05727, "modified": "2023-05-02"}, {"cve": "CVE-2021-46667", "epss": 0.00042, "percentile": 0.05727, "modified": "2023-05-02"}, {"cve": "CVE-2021-46668", "epss": 0.00042, "percentile": 0.05727, "modified": "2023-05-02"}, {"cve": "CVE-2021-46669", "epss": 0.00123, "percentile": 0.45249, "modified": "2023-05-02"}, {"cve": "CVE-2022-0778", "epss": 0.01367, "percentile": 0.84247, "modified": "2023-05-02"}, {"cve": "CVE-2022-24048", "epss": 0.00048, "percentile": 0.14954, "modified": "2023-05-02"}, {"cve": "CVE-2022-24050", "epss": 0.00048, "percentile": 0.14954, "modified": "2023-05-02"}, {"cve": "CVE-2022-24051", "epss": 0.00045, "percentile": 0.12125, "modified": "2023-05-02"}, {"cve": "CVE-2022-24052", "epss": 0.00048, "percentile": 0.14954, "modified": "2023-05-02"}, {"cve": "CVE-2022-27376", "epss": 0.00068, "percentile": 0.27922, "modified": "2023-05-02"}, {"cve": "CVE-2022-27377", "epss": 0.00068, "percentile": 0.27922, "modified": "2023-05-02"}, {"cve": "CVE-2022-27378", "epss": 0.00082, "percentile": 0.33559, "modified": "2023-05-02"}, {"cve": "CVE-2022-27379", "epss": 0.00082, "percentile": 0.33559, "modified": "2023-05-02"}, {"cve": "CVE-2022-27380", "epss": 0.00082, "percentile": 0.33559, "modified": "2023-05-02"}, {"cve": "CVE-2022-27381", "epss": 0.00082, "percentile": 0.33559, "modified": "2023-05-02"}, {"cve": "CVE-2022-27382", "epss": 0.00063, "percentile": 0.2506, "modified": "2023-05-02"}, {"cve": "CVE-2022-27383", "epss": 0.00068, "percentile": 0.27922, "modified": "2023-05-02"}, {"cve": "CVE-2022-27384", "epss": 0.00082, "percentile": 0.33559, "modified": "2023-05-02"}, {"cve": "CVE-2022-27385", "epss": 0.00063, "percentile": 0.2506, "modified": "2023-05-02"}, {"cve": "CVE-2022-27386", "epss": 0.00082, "percentile": 0.33559, "modified": "2023-05-02"}, {"cve": "CVE-2022-27387", "epss": 0.00066, "percentile": 0.26925, "modified": "2023-05-02"}, {"cve": "CVE-2022-27444", "epss": 0.00063, "percentile": 0.2506, "modified": "2023-05-02"}, {"cve": "CVE-2022-27445", "epss": 0.00068, "percentile": 0.27922, "modified": "2023-05-02"}, {"cve": "CVE-2022-27446", "epss": 0.00063, "percentile": 0.2506, "modified": "2023-05-02"}, {"cve": "CVE-2022-27447", "epss": 0.00068, "percentile": 0.27922, "modified": "2023-05-02"}, {"cve": "CVE-2022-27448", "epss": 0.00068, "percentile": 0.27839, "modified": "2023-05-02"}, {"cve": "CVE-2022-27449", "epss": 0.00068, "percentile": 0.27839, "modified": "2023-05-02"}, {"cve": "CVE-2022-27451", "epss": 0.00068, "percentile": 0.27771, "modified": "2023-05-02"}, {"cve": "CVE-2022-27452", "epss": 0.00068, "percentile": 0.27839, "modified": "2023-05-02"}, {"cve": "CVE-2022-27455", "epss": 0.00068, "percentile": 0.27771, "modified": "2023-05-02"}, {"cve": "CVE-2022-27456", "epss": 0.00068, "percentile": 0.27839, "modified": "2023-05-02"}, {"cve": "CVE-2022-27457", "epss": 0.00068, "percentile": 0.27771, "modified": "2023-05-02"}, {"cve": "CVE-2022-27458", "epss": 0.00068, "percentile": 0.27839, "modified": "2023-05-02"}, {"cve": "CVE-2022-31624", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-32081", "epss": 0.00051, "percentile": 0.17505, "modified": "2023-05-02"}, {"cve": "CVE-2022-32082", "epss": 0.00051, "percentile": 0.17505, "modified": "2023-05-02"}, {"cve": "CVE-2022-32083", "epss": 0.00047, "percentile": 0.14518, "modified": "2023-05-02"}, {"cve": "CVE-2022-32084", "epss": 0.00061, "percentile": 0.23776, "modified": "2023-05-02"}, {"cve": "CVE-2022-32085", "epss": 0.00047, "percentile": 0.14499, "modified": "2023-05-02"}, {"cve": "CVE-2022-32086", "epss": 0.00046, "percentile": 0.13987, "modified": "2023-05-02"}, {"cve": "CVE-2022-32087", "epss": 0.00047, "percentile": 0.14499, "modified": "2023-05-02"}, {"cve": "CVE-2022-32088", "epss": 0.00047, "percentile": 0.14499, "modified": "2023-05-02"}, {"cve": "CVE-2022-32089", "epss": 0.00051, "percentile": 0.17505, "modified": "2023-05-02"}], "score": {"value": 8.4, "vector": "NONE"}, "vulnersScore": 8.4}, "_state": {"dependencies": 1696253859, "score": 1698855703, "epss": 0}, "_internal": {"score_hash": "7cdc14b7f0ba02c623e22d2206ae2d00"}, "pluginID": "173101", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-037.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173101);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/21\");\n\n script_cve_id(\n \"CVE-2021-2372\",\n \"CVE-2021-2389\",\n \"CVE-2021-35604\",\n \"CVE-2021-46658\",\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46662\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46667\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-0778\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27385\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31624\",\n \"CVE-2022-32081\",\n \"CVE-2022-32082\",\n \"CVE-2022-32083\",\n \"CVE-2022-32084\",\n \"CVE-2022-32085\",\n \"CVE-2022-32086\",\n \"CVE-2022-32087\",\n \"CVE-2022-32088\",\n \"CVE-2022-32089\"\n );\n\n script_name(english:\"Amazon Linux 2023 : mariadb105, mariadb105-backup, mariadb105-common (ALAS2023-2023-037)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2023 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-037 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2021-2372)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2021-2389)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of\n MySQL Server accessible data. (CVE-2021-35604)\n\n - save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect\n handling of with_window_func=true for a subquery. (CVE-2021-46658)\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that\n SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an\n unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in\n conjunction with a nested subquery. (CVE-2021-46662)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations. (CVE-2021-46665)\n\n - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that\n improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop\n forever for non-prime moduli. Internally this function is used when parsing certificates that contain\n elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point\n encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has\n invalid explicit curve parameters. Since certificate parsing happens prior to verification of the\n certificate signature, any process that parses an externally supplied certificate may thus be subject to a\n denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they\n can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients\n consuming server certificates - TLS servers consuming client certificates - Hosting providers taking\n certificates or private keys from customers - Certificate authorities parsing certification requests from\n subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that\n use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS\n issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate\n which makes it slightly harder to trigger the infinite loop. However any operation which requires the\n public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-\n signed certificate to trigger the loop during verification of the certificate signature. This issue\n affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the\n 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected\n 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability\n allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is\n required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The\n issue results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in\n the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows\n local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to\n exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue\n results from the lack of proper validation of a user-supplied string before using it as a format\n specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code\n in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server\n v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted\n SQL statements. (CVE-2022-27385)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the\n plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released\n correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)\n\n - MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at\n /storage/innobase/handler/handler0alter.cc. (CVE-2022-32081)\n\n - MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in\n dict0dict.cc. (CVE-2022-32082)\n\n - MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component\n Item_subselect::init_expr_cache_tracker. (CVE-2022-32083)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.\n (CVE-2022-32084)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component\n Item_func_in::cleanup/Item::cleanup_processor. (CVE-2022-32085)\n\n - MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component\n Item_field::fix_outer_field. (CVE-2022-32086)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component\n Item_args::walk_args. (CVE-2022-32087)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component\n Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. (CVE-2022-32088)\n\n - MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component\n st_select_lex_unit::exclude_level. (CVE-2022-32089)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2023/ALAS-2023-037.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-2372.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-2389.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-35604.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46658.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46659.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46661.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46662.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46663.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46664.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46665.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46667.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46668.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46669.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0778.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24048.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24050.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24051.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24052.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27376.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27378.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27379.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27380.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27381.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27382.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27383.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27384.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27385.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27386.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27387.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27444.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27445.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27446.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27447.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27448.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27449.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27451.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27452.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27455.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27456.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27457.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27458.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-31624.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32081.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32082.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32083.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32084.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32085.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32086.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32087.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32088.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32089.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update mariadb105 --releasever=2023.0.20230222 ' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32081\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-backup-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-connect-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-connect-engine-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-cracklib-password-check\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-cracklib-password-check-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-gssapi-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-oqgraph-engine-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-pam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-rocksdb-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-rocksdb-engine-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-server-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-sphinx-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-sphinx-engine-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2023\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2023\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2023\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'mariadb105-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-backup-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-backup-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-backup-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-backup-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-backup-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-backup-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-common-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-common-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-common-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-connect-engine-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-connect-engine-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-connect-engine-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-connect-engine-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-connect-engine-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-connect-engine-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-cracklib-password-check-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-cracklib-password-check-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-cracklib-password-check-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-cracklib-password-check-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-cracklib-password-check-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-cracklib-password-check-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-debugsource-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-debugsource-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-debugsource-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-devel-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-devel-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-devel-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-errmsg-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-errmsg-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-errmsg-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-gssapi-server-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-gssapi-server-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-gssapi-server-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-gssapi-server-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-gssapi-server-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-gssapi-server-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-oqgraph-engine-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-oqgraph-engine-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-oqgraph-engine-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-oqgraph-engine-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-oqgraph-engine-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-oqgraph-engine-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-pam-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-pam-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-pam-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-pam-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-pam-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-pam-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-rocksdb-engine-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-rocksdb-engine-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-utils-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-utils-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-utils-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-utils-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-utils-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-utils-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-sphinx-engine-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-sphinx-engine-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-sphinx-engine-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-sphinx-engine-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-sphinx-engine-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-sphinx-engine-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-test-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-test-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-test-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-test-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-test-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-test-debuginfo-10.5.16-1.amzn2023.0.7', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb105 / mariadb105-backup / mariadb105-backup-debuginfo / etc\");\n}", "naslFamily": "Amazon Linux Local Security Checks", "cpe": ["p-cpe:/a:amazon:linux:mariadb105-pam", "p-cpe:/a:amazon:linux:mariadb105-backup", "p-cpe:/a:amazon:linux:mariadb105-cracklib-password-check-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-backup-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-server", "cpe:/o:amazon:linux:2023", "p-cpe:/a:amazon:linux:mariadb105-oqgraph-engine-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-server-utils-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-common", "p-cpe:/a:amazon:linux:mariadb105-connect-engine", "p-cpe:/a:amazon:linux:mariadb105-test", "p-cpe:/a:amazon:linux:mariadb105-gssapi-server", "p-cpe:/a:amazon:linux:mariadb105-gssapi-server-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-server-utils", "p-cpe:/a:amazon:linux:mariadb105-sphinx-engine", "p-cpe:/a:amazon:linux:mariadb105-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-debugsource", "p-cpe:/a:amazon:linux:mariadb105-test-debuginfo", "p-cpe:/a:amazon:linux:mariadb105", "p-cpe:/a:amazon:linux:mariadb105-pam-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-rocksdb-engine", "p-cpe:/a:amazon:linux:mariadb105-oqgraph-engine", "p-cpe:/a:amazon:linux:mariadb105-server-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-connect-engine-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-devel", "p-cpe:/a:amazon:linux:mariadb105-cracklib-password-check", "p-cpe:/a:amazon:linux:mariadb105-rocksdb-engine-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-sphinx-engine-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-errmsg"], "solution": "Run 'dnf update mariadb105 --releasever=2023.0.20230222 ' to update your system.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2022-32081", "vendor_cvss2": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "vendor_cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2023-02-17T00:00:00", "vulnerabilityPublicationDate": "2021-07-20T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2023-10-18T14:53:57", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5759 advisory.\n\n - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n\n - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661)\n\n - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)\n\n - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668)\n\n - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed- length stack-based buffer (CVE-2022-24048)\n\n - mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050)\n\n - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)\n\n - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)\n\n - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n\n - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n\n - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n\n - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n\n - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n\n - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n\n - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order (CVE-2022-27382)\n\n - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n\n - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n\n - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n\n - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n\n - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n\n - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n\n - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n\n - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)\n\n - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n\n - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n\n - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n\n - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n\n - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n\n - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n\n - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)\n\n - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622, CVE-2022-31623)\n\n - mariadb: server crash at Item_subselect::init_expr_cache_tracker (CVE-2022-32083)\n\n - mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor (CVE-2022-32085)\n\n - mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT (CVE-2022-32086)\n\n - mariadb: server crash in Item_args::walk_args (CVE-2022-32087)\n\n - mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort (CVE-2022-32088)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-28T00:00:00", "type": "nessus", "title": "RHEL 7 : rh-mariadb105-galera and rh-mariadb105-mariadb (RHSA-2022:5759)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-21595", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623", "CVE-2022-32083", "CVE-2022-32085", "CVE-2022-32086", "CVE-2022-32087", "CVE-2022-32088"], "modified": "2023-10-17T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-backup", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-backup-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-common", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-config", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-config-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-connect-engine", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-devel", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-errmsg", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-gssapi-server", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-libs", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-oqgraph-engine", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-pam", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-galera", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-galera-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-utils", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-utils-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-test"], "id": "REDHAT-RHSA-2022-5759.NASL", "href": "https://www.tenable.com/plugins/nessus/163524", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:5759. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163524);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/17\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\",\n \"CVE-2022-32083\",\n \"CVE-2022-32085\",\n \"CVE-2022-32086\",\n \"CVE-2022-32087\",\n \"CVE-2022-32088\"\n );\n script_xref(name:\"RHSA\", value:\"2022:5759\");\n\n script_name(english:\"RHEL 7 : rh-mariadb105-galera and rh-mariadb105-mariadb (RHSA-2022:5759)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:5759 advisory.\n\n - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n\n - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused\n common table expression (CTE) (CVE-2021-46661)\n\n - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements\n (CVE-2021-46663)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value\n of aggr (CVE-2021-46664)\n\n - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations (CVE-2021-46665)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements\n (CVE-2021-46668)\n\n - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the\n BIGINT data type is used (CVE-2021-46669)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-\n length stack-based buffer (CVE-2022-24048)\n\n - mariadb: lack of validating the existence of an object prior to performing operations on the object\n (CVE-2022-24050)\n\n - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier\n (CVE-2022-24051)\n\n - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)\n\n - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n\n - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n\n - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n\n - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n\n - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n\n - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n\n - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order\n (CVE-2022-27382)\n\n - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n\n - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n\n - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n\n - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n\n - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n\n - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n\n - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n\n - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)\n\n - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n\n - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n\n - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n\n - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n\n - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n\n - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n\n - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)\n\n - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622,\n CVE-2022-31623)\n\n - mariadb: server crash at Item_subselect::init_expr_cache_tracker (CVE-2022-32083)\n\n - mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor (CVE-2022-32085)\n\n - mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT (CVE-2022-32086)\n\n - mariadb: server crash in Item_args::walk_args (CVE-2022-32087)\n\n - mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort\n (CVE-2022-32088)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-32083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-32085\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-32086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-32087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-32088\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:5759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2049302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2069833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2076144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2076145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2106008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142862\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 89, 119, 120, 122, 229, 400, 404, 416, 476, 617, 667, 1173);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-backup-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-config-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-connect-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-galera-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-utils-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/os',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-mariadb105-mariadb-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-syspaths-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-syspaths-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-syspaths-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-common-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-common-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-common-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-syspaths-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-syspaths-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-syspaths-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-connect-engine-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-connect-engine-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-connect-engine-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-devel-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-devel-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-devel-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-errmsg-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-errmsg-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-errmsg-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-gssapi-server-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-gssapi-server-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-gssapi-server-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-libs-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-libs-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-libs-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-oqgraph-engine-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-oqgraph-engine-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-oqgraph-engine-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-pam-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-pam-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-pam-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-syspaths-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-syspaths-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-syspaths-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-syspaths-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-syspaths-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-syspaths-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-syspaths-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-syspaths-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-syspaths-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-syspaths-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-syspaths-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-syspaths-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-test-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-test-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-test-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-mariadb105-mariadb / rh-mariadb105-mariadb-backup / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T14:56:04", "description": "The version of mariadb installed on the remote host is prior to 10.5.16 / 10.6.8. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-141-01 advisory.\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-21T00:00:00", "type": "nessus", "title": "Slackware Linux 15.0 / current mariadb Multiple Vulnerabilities (SSA:2022-141-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458"], "modified": "2023-10-26T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:mariadb", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:15.0"], "id": "SLACKWARE_SSA_2022-141-01.NASL", "href": "https://www.tenable.com/plugins/nessus/161429", "sourceData": "##\n# (C) Tenable, Inc.\n##\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Slackware Security Advisory SSA:2022-141-01. The text\n# itself is copyright (C) Slackware Linux, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161429);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/26\");\n\n script_cve_id(\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\"\n );\n\n script_name(english:\"Slackware Linux 15.0 / current mariadb Multiple Vulnerabilities (SSA:2022-141-01)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Slackware Linux host is missing a security update to mariadb.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of mariadb installed on the remote host is prior to 10.5.16 / 10.6.8. It is, therefore, affected by multiple\nvulnerabilities as referenced in the SSA:2022-141-01 advisory.\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected mariadb package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27458\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:15.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Slackware Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\ninclude(\"slackware.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\nvar flag = 0;\nvar constraints = [\n { 'fixed_version' : '10.5.16', 'product' : 'mariadb', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'i586' },\n { 'fixed_version' : '10.5.16', 'product' : 'mariadb', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'x86_64' },\n { 'fixed_version' : '10.6.8', 'product' : 'mariadb', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'i586' },\n { 'fixed_version' : '10.6.8', 'product' : 'mariadb', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'x86_64' }\n];\n\nforeach constraint (constraints) {\n var pkg_arch = constraint['arch'];\n var arch = NULL;\n if (pkg_arch == \"x86_64\") {\n arch = pkg_arch;\n }\n if (slackware_check(osver:constraint['os_version'],\n arch:arch,\n pkgname:constraint['product'],\n pkgver:constraint['fixed_version'],\n pkgarch:pkg_arch,\n pkgnum:constraint['service_pack'])) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : slackware_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-24T16:55:05", "description": "The version of MariaDB installed on the remote host is prior to 10.7.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-1074-release-notes advisory.\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "MariaDB 10.7.0 < 10.7.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-32083", "CVE-2022-32085", "CVE-2022-32086", "CVE-2022-32087", "CVE-2022-32088"], "modified": "2023-08-23T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_7_4.NASL", "href": "https://www.tenable.com/plugins/nessus/160725", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160725);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/23\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-32083\",\n \"CVE-2022-32085\",\n \"CVE-2022-32086\",\n \"CVE-2022-32087\",\n \"CVE-2022-32088\"\n );\n\n script_name(english:\"MariaDB 10.7.0 < 10.7.4 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.7.4. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mariadb-1074-release-notes advisory.\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-7-4-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.7.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\", \"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.7', 'fixed_version' : '10.7.4' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-24T16:28:01", "description": "The version of MariaDB installed on the remote host is prior to 10.6.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-1068-release-notes advisory.\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "MariaDB 10.6.0 < 10.6.8 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-32083", "CVE-2022-32085", "CVE-2022-32086", "CVE-2022-32087", "CVE-2022-32088"], "modified": "2023-08-23T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_6_8.NASL", "href": "https://www.tenable.com/plugins/nessus/160723", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160723);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/23\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-32083\",\n \"CVE-2022-32085\",\n \"CVE-2022-32086\",\n \"CVE-2022-32087\",\n \"CVE-2022-32088\"\n );\n\n script_name(english:\"MariaDB 10.6.0 < 10.6.8 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.6.8. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mariadb-1068-release-notes advisory.\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-6-8-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.6.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\", \"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.6', 'fixed_version' : '10.6.8' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T19:28:35", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-182 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2372)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2389)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35604)\n\n - save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. (CVE-2021-46658)\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. (CVE-2021-46662)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\n\n - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self- signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27385)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)\n\n - MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. (CVE-2022-32083)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. (CVE-2022-32085)\n\n - MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. (CVE-2022-32086)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. (CVE-2022-32087)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. (CVE-2022-32088)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-05T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-182)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2372", "CVE-2021-2389", "CVE-2021-35604", "CVE-2021-46658", "CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46662", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46667", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-0778", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27385", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31624", "CVE-2022-32083", "CVE-2022-32085", "CVE-2022-32086", "CVE-2022-32087", "CVE-2022-32088"], "modified": "2023-10-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mariadb105", "p-cpe:/a:amazon:linux:mariadb105-backup", "p-cpe:/a:amazon:linux:mariadb105-backup-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-common", "p-cpe:/a:amazon:linux:mariadb105-connect-engine", "p-cpe:/a:amazon:linux:mariadb105-connect-engine-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-cracklib-password-check", "p-cpe:/a:amazon:linux:mariadb105-cracklib-password-check-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-debugsource", "p-cpe:/a:amazon:linux:mariadb105-devel", "p-cpe:/a:amazon:linux:mariadb105-errmsg", "p-cpe:/a:amazon:linux:mariadb105-gssapi-server", "p-cpe:/a:amazon:linux:mariadb105-gssapi-server-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-oqgraph-engine", "p-cpe:/a:amazon:linux:mariadb105-oqgraph-engine-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-pam", "p-cpe:/a:amazon:linux:mariadb105-pam-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-rocksdb-engine", "p-cpe:/a:amazon:linux:mariadb105-rocksdb-engine-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-server", "p-cpe:/a:amazon:linux:mariadb105-server-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-server-utils", "p-cpe:/a:amazon:linux:mariadb105-server-utils-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-sphinx-engine", "p-cpe:/a:amazon:linux:mariadb105-sphinx-engine-debuginfo", "p-cpe:/a:amazon:linux:mariadb105-test", "p-cpe:/a:amazon:linux:mariadb105-test-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-182.NASL", "href": "https://www.tenable.com/plugins/nessus/167033", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-182.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167033);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/05\");\n\n script_cve_id(\n \"CVE-2021-2372\",\n \"CVE-2021-2389\",\n \"CVE-2021-35604\",\n \"CVE-2021-46658\",\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46662\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46667\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-0778\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27385\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31624\",\n \"CVE-2022-32083\",\n \"CVE-2022-32085\",\n \"CVE-2022-32086\",\n \"CVE-2022-32087\",\n \"CVE-2022-32088\"\n );\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-182)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-182 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2021-2372)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2021-2389)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of\n MySQL Server accessible data. (CVE-2021-35604)\n\n - save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect\n handling of with_window_func=true for a subquery. (CVE-2021-46658)\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that\n SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an\n unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in\n conjunction with a nested subquery. (CVE-2021-46662)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations. (CVE-2021-46665)\n\n - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that\n improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop\n forever for non-prime moduli. Internally this function is used when parsing certificates that contain\n elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point\n encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has\n invalid explicit curve parameters. Since certificate parsing happens prior to verification of the\n certificate signature, any process that parses an externally supplied certificate may thus be subject to a\n denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they\n can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients\n consuming server certificates - TLS servers consuming client certificates - Hosting providers taking\n certificates or private keys from customers - Certificate authorities parsing certification requests from\n subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that\n use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS\n issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate\n which makes it slightly harder to trigger the infinite loop. However any operation which requires the\n public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-\n signed certificate to trigger the loop during verification of the certificate signature. This issue\n affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the\n 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected\n 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability\n allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is\n required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The\n issue results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in\n the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows\n local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to\n exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue\n results from the lack of proper validation of a user-supplied string before using it as a format\n specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code\n in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server\n v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted\n SQL statements. (CVE-2022-27385)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the\n plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released\n correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)\n\n - MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component\n Item_subselect::init_expr_cache_tracker. (CVE-2022-32083)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component\n Item_func_in::cleanup/Item::cleanup_processor. (CVE-2022-32085)\n\n - MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component\n Item_field::fix_outer_field. (CVE-2022-32086)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component\n Item_args::walk_args. (CVE-2022-32087)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component\n Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. (CVE-2022-32088)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-182.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-2372.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-2389.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-35604.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46658.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46659.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46661.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46662.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46663.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46664.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46665.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46667.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46668.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46669.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0778.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24048.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24050.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24051.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24052.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27376.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27378.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27379.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27380.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27381.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27382.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27383.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27384.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27385.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27386.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27387.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27444.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27445.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27446.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27447.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27448.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27449.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27451.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27452.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27455.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27456.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27457.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27458.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-31624.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32083.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32085.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32086.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32087.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32088.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update mariadb105 --releasever=2022.0.20221102' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35604\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-backup-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-connect-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-connect-engine-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-cracklib-password-check\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-cracklib-password-check-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-gssapi-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-oqgraph-engine-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-pam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-rocksdb-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-rocksdb-engine-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-server-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-sphinx-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-sphinx-engine-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb105-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'mariadb105-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-backup-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-backup-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-backup-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-backup-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-backup-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-backup-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-common-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-common-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-common-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-connect-engine-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-connect-engine-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-connect-engine-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-connect-engine-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-connect-engine-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-connect-engine-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-cracklib-password-check-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-cracklib-password-check-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-cracklib-password-check-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-cracklib-password-check-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-cracklib-password-check-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-cracklib-password-check-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-debugsource-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-debugsource-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-debugsource-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-devel-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-devel-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-devel-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-errmsg-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-errmsg-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-errmsg-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-gssapi-server-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-gssapi-server-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-gssapi-server-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-gssapi-server-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-gssapi-server-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-gssapi-server-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-oqgraph-engine-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-oqgraph-engine-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-oqgraph-engine-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-oqgraph-engine-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-oqgraph-engine-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-oqgraph-engine-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-pam-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-pam-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-pam-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-pam-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-pam-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-pam-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-rocksdb-engine-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-rocksdb-engine-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-utils-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-utils-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-utils-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-utils-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-utils-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-server-utils-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-sphinx-engine-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-sphinx-engine-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-sphinx-engine-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-sphinx-engine-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-sphinx-engine-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-sphinx-engine-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-test-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-test-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-test-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-test-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-test-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb105-test-debuginfo-10.5.16-1.amzn2022.0.4', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb105 / mariadb105-backup / mariadb105-backup-debuginfo / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-06T15:46:48", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2561-1 advisory.\n\n - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657)\n\n - save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. (CVE-2021-46658)\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-28T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : mariadb (SUSE-SU-2022:2561-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46657", "CVE-2021-46658", "CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmariadbd-devel", "p-cpe:/a:novell:suse_linux:libmariadbd19", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-tools", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2561-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163504", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2561-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163504);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-46657\",\n \"CVE-2021-46658\",\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2561-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : mariadb (SUSE-SU-2022:2561-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2561-1 advisory.\n\n - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER\n BY. (CVE-2021-46657)\n\n - save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect\n handling of with_window_func=true for a subquery. (CVE-2021-46658)\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that\n SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an\n unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that\n improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability\n allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is\n required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The\n issue results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in\n the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows\n local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to\n exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue\n results from the lack of proper validation of a user-supplied string before using it as a format\n specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code\n in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195325\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195339\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27458\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011679.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf3e36a6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadbd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadbd19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libmariadbd-devel-10.6.8-150400.3.7.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'libmariadbd19-10.6.8-150400.3.7.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'mariadb-10.6.8-150400.3.7.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'mariadb-client-10.6.8-150400.3.7.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'mariadb-errormessages-10.6.8-150400.3.7.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'mariadb-tools-10.6.8-150400.3.7.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'libmariadbd-devel-10.6.8-150400.3.7.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'libmariadbd19-10.6.8-150400.3.7.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'mariadb-10.6.8-150400.3.7.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'mariadb-client-10.6.8-150400.3.7.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'mariadb-errormessages-10.6.8-150400.3.7.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'mariadb-tools-10.6.8-150400.3.7.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libmariadbd-devel / libmariadbd19 / mariadb / mariadb-client / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-03T19:10:37", "description": "The version of mariadb installed on the remote host is prior to 10.5.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2MARIADB10.5-2023-003 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2372)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2389)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35604)\n\n - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657)\n\n - save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. (CVE-2021-46658)\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. (CVE-2021-46662)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\n\n - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666)\n\n - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self- signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21595)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27385)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31623)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)\n\n - MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. (CVE-2022-32081)\n\n - MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. (CVE-2022-32082)\n\n - MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. (CVE-2022-32083)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.\n (CVE-2022-32084)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. (CVE-2022-32085)\n\n - MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. (CVE-2022-32086)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. (CVE-2022-32087)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. (CVE-2022-32088)\n\n - MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. (CVE-2022-32089)\n\n - MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. (CVE-2022-32091)\n\n - In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. (CVE-2022-38791)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-27T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : mariadb (ALASMARIADB10.5-2023-003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2372", "CVE-2021-2389", "CVE-2021-35604", "CVE-2021-46657", "CVE-2021-46658", "CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46662", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46666", "CVE-2021-46667", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-0778", "CVE-2022-21595", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27385", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623", "CVE-2022-31624", "CVE-2022-32081", "CVE-2022-32082", "CVE-2022-32083", "CVE-2022-32084", "CVE-2022-32085", "CVE-2022-32086", "CVE-2022-32087", "CVE-2022-32088", "CVE-2022-32089", "CVE-2022-32091", "CVE-2022-38791"], "modified": "2023-09-28T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mariadb", "p-cpe:/a:amazon:linux:mariadb-backup", "p-cpe:/a:amazon:linux:mariadb-common", "p-cpe:/a:amazon:linux:mariadb-config", "p-cpe:/a:amazon:linux:mariadb-connect-engine", "p-cpe:/a:amazon:linux:mariadb-cracklib-password-check", "p-cpe:/a:amazon:linux:mariadb-debuginfo", "p-cpe:/a:amazon:linux:mariadb-devel", "p-cpe:/a:amazon:linux:mariadb-embedded", "p-cpe:/a:amazon:linux:mariadb-embedded-devel", "p-cpe:/a:amazon:linux:mariadb-errmsg", "p-cpe:/a:amazon:linux:mariadb-gssapi-server", "p-cpe:/a:amazon:linux:mariadb-libs", "p-cpe:/a:amazon:linux:mariadb-oqgraph-engine", "p-cpe:/a:amazon:linux:mariadb-pam", "p-cpe:/a:amazon:linux:mariadb-rocksdb-engine", "p-cpe:/a:amazon:linux:mariadb-s3-engine", "p-cpe:/a:amazon:linux:mariadb-server", "p-cpe:/a:amazon:linux:mariadb-server-galera", "p-cpe:/a:amazon:linux:mariadb-server-utils", "p-cpe:/a:amazon:linux:mariadb-sphinx-engine", "p-cpe:/a:amazon:linux:mariadb-test", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASMARIADB10_5-2023-003.NASL", "href": "https://www.tenable.com/plugins/nessus/181931", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASMARIADB10.5-2023-003.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(181931);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/28\");\n\n script_cve_id(\n \"CVE-2021-2372\",\n \"CVE-2021-2389\",\n \"CVE-2021-35604\",\n \"CVE-2021-46657\",\n \"CVE-2021-46658\",\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46662\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46666\",\n \"CVE-2021-46667\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-0778\",\n \"CVE-2022-21595\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27385\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\",\n \"CVE-2022-31624\",\n \"CVE-2022-32081\",\n \"CVE-2022-32082\",\n \"CVE-2022-32083\",\n \"CVE-2022-32084\",\n \"CVE-2022-32085\",\n \"CVE-2022-32086\",\n \"CVE-2022-32087\",\n \"CVE-2022-32088\",\n \"CVE-2022-32089\",\n \"CVE-2022-32091\",\n \"CVE-2022-38791\"\n );\n\n script_name(english:\"Amazon Linux 2 : mariadb (ALASMARIADB10.5-2023-003)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of mariadb installed on the remote host is prior to 10.5.18-1. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2MARIADB10.5-2023-003 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2021-2372)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2021-2389)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of\n MySQL Server accessible data. (CVE-2021-35604)\n\n - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER\n BY. (CVE-2021-46657)\n\n - save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect\n handling of with_window_func=true for a subquery. (CVE-2021-46658)\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that\n SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an\n unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in\n conjunction with a nested subquery. (CVE-2021-46662)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations. (CVE-2021-46665)\n\n - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING\n clause to a WHERE clause. (CVE-2021-46666)\n\n - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that\n improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop\n forever for non-prime moduli. Internally this function is used when parsing certificates that contain\n elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point\n encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has\n invalid explicit curve parameters. Since certificate parsing happens prior to verification of the\n certificate signature, any process that parses an externally supplied certificate may thus be subject to a\n denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they\n can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients\n consuming server certificates - TLS servers consuming client certificates - Hosting providers taking\n certificates or private keys from customers - Certificate authorities parsing certification requests from\n subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that\n use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS\n issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate\n which makes it slightly harder to trigger the infinite loop. However any operation which requires the\n public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-\n signed certificate to trigger the loop during verification of the certificate signature. This issue\n affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the\n 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected\n 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21595)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability\n allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is\n required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The\n issue results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in\n the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows\n local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to\n exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue\n results from the lack of proper validation of a user-supplied string before using it as a format\n specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code\n in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server\n v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted\n SQL statements. (CVE-2022-27385)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads,\n the held lock is not released correctly, which allows local users to trigger a denial of service due to\n the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held\n lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service\n due to the deadlock. (CVE-2022-31623)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the\n plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released\n correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)\n\n - MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at\n /storage/innobase/handler/handler0alter.cc. (CVE-2022-32081)\n\n - MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in\n dict0dict.cc. (CVE-2022-32082)\n\n - MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component\n Item_subselect::init_expr_cache_tracker. (CVE-2022-32083)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.\n (CVE-2022-32084)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component\n Item_func_in::cleanup/Item::cleanup_processor. (CVE-2022-32085)\n\n - MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component\n Item_field::fix_outer_field. (CVE-2022-32086)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component\n Item_args::walk_args. (CVE-2022-32087)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component\n Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. (CVE-2022-32088)\n\n - MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component\n st_select_lex_unit::exclude_level. (CVE-2022-32089)\n\n - MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at\n /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. (CVE-2022-32091)\n\n - In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex\n upon a stream write failure, which allows local users to trigger a deadlock. (CVE-2022-38791)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASMARIADB10.5-2023-003.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-2372.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-2389.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-35604.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46657.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46658.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46659.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46661.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46662.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46663.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46664.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46665.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46666.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46667.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46668.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-46669.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0778.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-21595.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24048.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24050.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24051.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24052.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27376.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27378.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27379.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27380.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27381.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27382.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27383.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27384.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27385.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27386.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27387.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27444.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27445.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27446.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27447.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27448.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27449.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27451.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27452.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27455.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27456.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27457.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27458.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-31622.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-31623.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-31624.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32081.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32082.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32083.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32084.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32085.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32086.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32087.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32088.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32089.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32091.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-38791.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update mariadb' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32081\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-connect-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-cracklib-password-check\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-rocksdb-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-s3-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-sphinx-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'mariadb-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-backup-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-backup-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-common-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-common-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-config-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-config-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-connect-engine-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-connect-engine-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-cracklib-password-check-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-cracklib-password-check-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-debuginfo-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-debuginfo-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-devel-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-devel-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-embedded-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-embedded-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-embedded-devel-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-embedded-devel-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-errmsg-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-errmsg-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-gssapi-server-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-gssapi-server-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-libs-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-libs-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-oqgraph-engine-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-oqgraph-engine-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-pam-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-pam-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-rocksdb-engine-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-s3-engine-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-s3-engine-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-server-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-server-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-server-galera-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-server-galera-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-server-utils-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-server-utils-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-sphinx-engine-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-sphinx-engine-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-test-10.5.18-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'},\n {'reference':'mariadb-test-10.5.18-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'mariadb10.5'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-backup / mariadb-common / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-24T17:09:15", "description": "The version of MariaDB installed on the remote host is prior to 10.5.16. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10516-release-notes advisory.\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "MariaDB 10.5.0 < 10.5.16 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-32083", "CVE-2022-32085", "CVE-2022-32086", "CVE-2022-32087", "CVE-2022-32088"], "modified": "2023-08-23T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_5_16.NASL", "href": "https://www.tenable.com/plugins/nessus/160722", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160722);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/23\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-32083\",\n \"CVE-2022-32085\",\n \"CVE-2022-32086\",\n \"CVE-2022-32087\",\n \"CVE-2022-32088\"\n );\n\n script_name(english:\"MariaDB 10.5.0 < 10.5.16 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.5.16. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mariadb-10516-release-notes advisory.\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-5-16-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.5.16 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\", \"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.5', 'fixed_version' : '10.5.16' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-24T16:58:07", "description": "The version of MariaDB installed on the remote host is prior to 10.4.25. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10425-release-notes advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "MariaDB 10.4.0 < 10.4.25 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-21427", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-32083", "CVE-2022-32085", "CVE-2022-32086", "CVE-2022-32087", "CVE-2022-32088"], "modified": "2023-08-23T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_4_25.NASL", "href": "https://www.tenable.com/plugins/nessus/160721", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160721);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/23\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-21427\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-32083\",\n \"CVE-2022-32085\",\n \"CVE-2022-32086\",\n \"CVE-2022-32087\",\n \"CVE-2022-32088\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0168-S\");\n\n script_name(english:\"MariaDB 10.4.0 < 10.4.25 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.4.25. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mariadb-10425-release-notes advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-4-25-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.4.25 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\", \"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.4', 'fixed_version' : '10.4.25' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-19T15:01:10", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5826 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-04T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : mariadb:10.5 (ELSA-2022-5826)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:judy", "p-cpe:/a:oracle:linux:galera", "p-cpe:/a:oracle:linux:mariadb", "p-cpe:/a:oracle:linux:mariadb-backup", "p-cpe:/a:oracle:linux:mariadb-common", "p-cpe:/a:oracle:linux:mariadb-devel", "p-cpe:/a:oracle:linux:mariadb-embedded", "p-cpe:/a:oracle:linux:mariadb-embedded-devel", "p-cpe:/a:oracle:linux:mariadb-errmsg", "p-cpe:/a:oracle:linux:mariadb-gssapi-server", "p-cpe:/a:oracle:linux:mariadb-oqgraph-engine", "p-cpe:/a:oracle:linux:mariadb-pam", "p-cpe:/a:oracle:linux:mariadb-server", "p-cpe:/a:oracle:linux:mariadb-server-galera", "p-cpe:/a:oracle:linux:mariadb-server-utils", "p-cpe:/a:oracle:linux:mariadb-test"], "id": "ORACLELINUX_ELSA-2022-5826.NASL", "href": "https://www.tenable.com/plugins/nessus/163808", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-5826.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163808);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\"\n );\n\n script_name(english:\"Oracle Linux 8 : mariadb:10.5 (ELSA-2022-5826)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-5826 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that\n SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that\n improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an\n unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability\n allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is\n required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The\n issue results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in\n the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows\n local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to\n exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue\n results from the lack of proper validation of a user-supplied string before using it as a format\n specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code\n in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads,\n the held lock is not released correctly, which allows local users to trigger a denial of service due to\n the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held\n lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service\n due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-5826.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:Judy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-test\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/mariadb');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\nif ('10.5' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mariadb:' + module_ver);\n\nvar appstreams = {\n 'mariadb:10.5': [\n {'reference':'galera-26.4.11-1.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-26.4.11-1.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module+el8.4.0+20040+caf70fad', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module+el8.4.0+20040+caf70fad', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Judy / galera / mariadb / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-19T15:02:30", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5826 advisory.\n\n - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n\n - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661)\n\n - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)\n\n - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668)\n\n - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed- length stack-based buffer (CVE-2022-24048)\n\n - mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050)\n\n - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)\n\n - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)\n\n - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n\n - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n\n - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n\n - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n\n - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n\n - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n\n - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order (CVE-2022-27382)\n\n - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n\n - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n\n - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n\n - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n\n - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n\n - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n\n - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n\n - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)\n\n - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n\n - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n\n - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n\n - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n\n - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n\n - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n\n - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)\n\n - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622, CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-02T00:00:00", "type": "nessus", "title": "RHEL 8 : mariadb:10.5 (RHSA-2022:5826)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-21595", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623"], "modified": "2023-10-17T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:judy", "p-cpe:/a:redhat:enterprise_linux:galera", "p-cpe:/a:redhat:enterprise_linux:mariadb", "p-cpe:/a:redhat:enterprise_linux:mariadb-backup", "p-cpe:/a:redhat:enterprise_linux:mariadb-common", "p-cpe:/a:redhat:enterprise_linux:mariadb-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-errmsg", "p-cpe:/a:redhat:enterprise_linux:mariadb-gssapi-server", "p-cpe:/a:redhat:enterprise_linux:mariadb-oqgraph-engine", "p-cpe:/a:redhat:enterprise_linux:mariadb-pam", "p-cpe:/a:redhat:enterprise_linux:mariadb-server", "p-cpe:/a:redhat:enterprise_linux:mariadb-server-galera", "p-cpe:/a:redhat:enterprise_linux:mariadb-server-utils", "p-cpe:/a:redhat:enterprise_linux:mariadb-test"], "id": "REDHAT-RHSA-2022-5826.NASL", "href": "https://www.tenable.com/plugins/nessus/163732", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:5826. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163732);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/17\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-21595\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\"\n );\n script_xref(name:\"RHSA\", value:\"2022:5826\");\n\n script_name(english:\"RHEL 8 : mariadb:10.5 (RHSA-2022:5826)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:5826 advisory.\n\n - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n\n - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused\n common table expression (CTE) (CVE-2021-46661)\n\n - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements\n (CVE-2021-46663)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value\n of aggr (CVE-2021-46664)\n\n - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations (CVE-2021-46665)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements\n (CVE-2021-46668)\n\n - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the\n BIGINT data type is used (CVE-2021-46669)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-\n length stack-based buffer (CVE-2022-24048)\n\n - mariadb: lack of validating the existence of an object prior to performing operations on the object\n (CVE-2022-24050)\n\n - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier\n (CVE-2022-24051)\n\n - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)\n\n - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n\n - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n\n - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n\n - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n\n - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n\n - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n\n - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order\n (CVE-2022-27382)\n\n - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n\n - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n\n - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n\n - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n\n - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n\n - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n\n - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n\n - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)\n\n - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n\n - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n\n - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n\n - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n\n - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n\n - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n\n - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)\n\n - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622,\n CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:5826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2049302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2069833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2076144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2076145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142862\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 89, 119, 120, 122, 400, 404, 416, 476, 617, 667, 1173);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:Judy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'mariadb:10.5': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'galera-26.4.11-1.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module+el8.4.0+9031+9abc7af9', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'galera-26.4.11-1.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module+el8.4.0+9031+9abc7af9', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/mariadb');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\nif ('10.5' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mariadb:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Judy / galera / mariadb / mariadb-backup / mariadb-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-12T13:31:04", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5826 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21595)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-06T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : mariadb:10.5 (RLSA-2022:5826)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-21595", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623"], "modified": "2023-11-06T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:judy", "p-cpe:/a:rocky:linux:judy-debuginfo", "p-cpe:/a:rocky:linux:judy-debugsource", "p-cpe:/a:rocky:linux:galera", "p-cpe:/a:rocky:linux:galera-debuginfo", "p-cpe:/a:rocky:linux:galera-debugsource", "p-cpe:/a:rocky:linux:mariadb", "p-cpe:/a:rocky:linux:mariadb-backup", "p-cpe:/a:rocky:linux:mariadb-backup-debuginfo", "p-cpe:/a:rocky:linux:mariadb-common", "p-cpe:/a:rocky:linux:mariadb-debuginfo", "p-cpe:/a:rocky:linux:mariadb-debugsource", "p-cpe:/a:rocky:linux:mariadb-devel", "p-cpe:/a:rocky:linux:mariadb-embedded", "p-cpe:/a:rocky:linux:mariadb-embedded-debuginfo", "p-cpe:/a:rocky:linux:mariadb-embedded-devel", "p-cpe:/a:rocky:linux:mariadb-errmsg", "p-cpe:/a:rocky:linux:mariadb-gssapi-server", "p-cpe:/a:rocky:linux:mariadb-gssapi-server-debuginfo", "p-cpe:/a:rocky:linux:mariadb-oqgraph-engine", "p-cpe:/a:rocky:linux:mariadb-oqgraph-engine-debuginfo", "p-cpe:/a:rocky:linux:mariadb-pam", "p-cpe:/a:rocky:linux:mariadb-pam-debuginfo", "p-cpe:/a:rocky:linux:mariadb-server", "p-cpe:/a:rocky:linux:mariadb-server-debuginfo", "p-cpe:/a:rocky:linux:mariadb-server-galera", "p-cpe:/a:rocky:linux:mariadb-server-utils", "p-cpe:/a:rocky:linux:mariadb-server-utils-debuginfo", "p-cpe:/a:rocky:linux:mariadb-test", "p-cpe:/a:rocky:linux:mariadb-test-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-5826.NASL", "href": "https://www.tenable.com/plugins/nessus/184563", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:5826.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(184563);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/06\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-21595\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\"\n );\n script_xref(name:\"RLSA\", value:\"2022:5826\");\n\n script_name(english:\"Rocky Linux 8 : mariadb:10.5 (RLSA-2022:5826)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2022:5826 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that\n SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an\n unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that\n improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21595)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability\n allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is\n required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The\n issue results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in\n the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows\n local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to\n exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue\n results from the lack of proper validation of a user-supplied string before using it as a format\n specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code\n in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads,\n the held lock is not released correctly, which allows local users to trigger a denial of service due to\n the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held\n lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service\n due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:5826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2049302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2068211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2068233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2068234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2069833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2076144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2076145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2092354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2092360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2095290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2096281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2096934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2096935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2096936\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:Judy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:Judy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:Judy-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:galera-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:galera-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-backup-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-embedded-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-gssapi-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-oqgraph-engine-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-pam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-server-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RockyLinux/appstream/mariadb');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\nif ('10.5' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mariadb:' + module_ver);\n\nvar appstreams = {\n 'mariadb:10.5': [\n {'reference':'galera-26.4.11-1.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-26.4.11-1.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-debuginfo-26.4.11-1.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-debuginfo-26.4.11-1.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-debugsource-26.4.11-1.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-debugsource-26.4.11-1.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-debuginfo-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-debuginfo-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-debugsource-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-debugsource-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-debugsource-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-debugsource-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RockyLinux/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Judy / Judy-debuginfo / Judy-debugsource / galera / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:55:07", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5826 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-06T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : mariadb:10.5 (5826) (ALSA-2022:5826)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:alma:linux:8", "p-cpe:/a:alma:linux:galera", "p-cpe:/a:alma:linux:judy", "p-cpe:/a:alma:linux:mariadb", "p-cpe:/a:alma:linux:mariadb-backup", "p-cpe:/a:alma:linux:mariadb-common", "p-cpe:/a:alma:linux:mariadb-devel", "p-cpe:/a:alma:linux:mariadb-embedded", "p-cpe:/a:alma:linux:mariadb-embedded-devel", "p-cpe:/a:alma:linux:mariadb-errmsg", "p-cpe:/a:alma:linux:mariadb-gssapi-server", "p-cpe:/a:alma:linux:mariadb-oqgraph-engine", "p-cpe:/a:alma:linux:mariadb-server", "p-cpe:/a:alma:linux:mariadb-server-galera", "p-cpe:/a:alma:linux:mariadb-server-utils", "p-cpe:/a:alma:linux:mariadb-test", "p-cpe:/a:alma:linux:mariadb-pam"], "id": "ALMA_LINUX_ALSA-2022-5826.NASL", "href": "https://www.tenable.com/plugins/nessus/163903", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:5826.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163903);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\"\n );\n script_xref(name:\"ALSA\", value:\"2022:5826\");\n\n script_name(english:\"AlmaLinux 8 : mariadb:10.5 (5826) (ALSA-2022:5826)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:5826 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that\n SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an\n unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that\n improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability\n allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is\n required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The\n issue results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in\n the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows\n local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to\n exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue\n results from the lack of proper validation of a user-supplied string before using it as a format\n specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code\n in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads,\n the held lock is not released correctly, which allows local users to trigger a denial of service due to\n the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held\n lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service\n due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-5826.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:Judy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar module_ver = get_kb_item('Host/AlmaLinux/appstream/mariadb');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\nif ('10.5' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mariadb:' + module_ver);\n\nvar appstreams = {\n 'mariadb:10.5': [\n {'reference':'galera-26.4.11-1.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'galera-26.4.11-1.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/AlmaLinux/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Judy / galera / mariadb / mariadb-backup / mariadb-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:55:31", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:5826 advisory.\n\n - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n\n - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661)\n\n - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)\n\n - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668)\n\n - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed- length stack-based buffer (CVE-2022-24048)\n\n - mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050)\n\n - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)\n\n - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)\n\n - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n\n - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n\n - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n\n - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n\n - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n\n - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n\n - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order (CVE-2022-27382)\n\n - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n\n - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n\n - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n\n - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n\n - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n\n - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n\n - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n\n - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)\n\n - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n\n - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n\n - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n\n - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n\n - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n\n - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n\n - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)\n\n - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622, CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-02T00:00:00", "type": "nessus", "title": "CentOS 8 : mariadb:10.5 (CESA-2022:5826)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-21595", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623"], "modified": "2023-10-17T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:judy"], "id": "CENTOS8_RHSA-2022-5826.NASL", "href": "https://www.tenable.com/plugins/nessus/163712", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2022:5826. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163712);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/17\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\"\n );\n script_xref(name:\"RHSA\", value:\"2022:5826\");\n\n script_name(english:\"CentOS 8 : mariadb:10.5 (CESA-2022:5826)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2022:5826 advisory.\n\n - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n\n - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused\n common table expression (CTE) (CVE-2021-46661)\n\n - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements\n (CVE-2021-46663)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value\n of aggr (CVE-2021-46664)\n\n - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations (CVE-2021-46665)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements\n (CVE-2021-46668)\n\n - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the\n BIGINT data type is used (CVE-2021-46669)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-\n length stack-based buffer (CVE-2022-24048)\n\n - mariadb: lack of validating the existence of an object prior to performing operations on the object\n (CVE-2022-24050)\n\n - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier\n (CVE-2022-24051)\n\n - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)\n\n - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n\n - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n\n - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n\n - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n\n - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n\n - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n\n - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order\n (CVE-2022-27382)\n\n - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n\n - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n\n - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n\n - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n\n - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n\n - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n\n - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n\n - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)\n\n - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n\n - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n\n - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n\n - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n\n - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n\n - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n\n - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)\n\n - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622,\n CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:5826\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Judy package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:Judy\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/CentOS/release');\nif (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< os_release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/mariadb');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\nif ('10.5' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mariadb:' + module_ver);\n\nvar appstreams = {\n 'mariadb:10.5': [\n {'reference':'Judy-1.0.5-18.module_el8.4.0+697+2baf600e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module_el8.4.0+697+2baf600e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Judy');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T09:22:35", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5739-1 advisory.\n\n - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. (CVE-2018-25032)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. (CVE-2022-32081)\n\n - MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. (CVE-2022-32082)\n\n - MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. (CVE-2022-32083)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.\n (CVE-2022-32084)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. (CVE-2022-32085)\n\n - MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. (CVE-2022-32086)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. (CVE-2022-32087)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. (CVE-2022-32088)\n\n - MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. (CVE-2022-32089)\n\n - MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. (CVE-2022-32091)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-23T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS : MariaDB vulnerabilities (USN-5739-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25032", "CVE-2021-46669", "CVE-2022-21427", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-32081", "CVE-2022-32082", "CVE-2022-32083", "CVE-2022-32084", "CVE-2022-32085", "CVE-2022-32086", "CVE-2022-32087", "CVE-2022-32088", "CVE-2022-32089", "CVE-2022-32091"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libmariadb-dev", "p-cpe:/a:canonical:ubuntu_linux:libmariadb-dev-compat", "p-cpe:/a:canonical:ubuntu_linux:libmariadb3", "p-cpe:/a:canonical:ubuntu_linux:libmariadbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libmariadbd-dev", "p-cpe:/a:canonical:ubuntu_linux:libmariadbd19", "p-cpe:/a:canonical:ubuntu_linux:mariadb-backup", "p-cpe:/a:canonical:ubuntu_linux:mariadb-client", "p-cpe:/a:canonical:ubuntu_linux:mariadb-client-10.3", "p-cpe:/a:canonical:ubuntu_linux:mariadb-client-10.6", "p-cpe:/a:canonical:ubuntu_linux:mariadb-client-core-10.3", "p-cpe:/a:canonical:ubuntu_linux:mariadb-client-core-10.6", "p-cpe:/a:canonical:ubuntu_linux:mariadb-common", "p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-connect", "p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-cracklib-password-check", "p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-gssapi-client", "p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-gssapi-server", "p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-mroonga", "p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-oqgraph", "p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-rocksdb", "p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-s3", "p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-spider", "p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-tokudb", "p-cpe:/a:canonical:ubuntu_linux:mariadb-server", "p-cpe:/a:canonical:ubuntu_linux:mariadb-server-10.3", "p-cpe:/a:canonical:ubuntu_linux:mariadb-server-10.6", "p-cpe:/a:canonical:ubuntu_linux:mariadb-server-core-10.3", "p-cpe:/a:canonical:ubuntu_linux:mariadb-server-core-10.6", "p-cpe:/a:canonical:ubuntu_linux:mariadb-test", "p-cpe:/a:canonical:ubuntu_linux:mariadb-test-data"], "id": "UBUNTU_USN-5739-1.NASL", "href": "https://www.tenable.com/plugins/nessus/168154", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5739-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168154);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2018-25032\",\n \"CVE-2021-46669\",\n \"CVE-2022-21427\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-32081\",\n \"CVE-2022-32082\",\n \"CVE-2022-32083\",\n \"CVE-2022-32084\",\n \"CVE-2022-32085\",\n \"CVE-2022-32086\",\n \"CVE-2022-32087\",\n \"CVE-2022-32088\",\n \"CVE-2022-32089\",\n \"CVE-2022-32091\"\n );\n script_xref(name:\"USN\", value:\"5739-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS : MariaDB vulnerabilities (USN-5739-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-5739-1 advisory.\n\n - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many\n distant matches. (CVE-2018-25032)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at\n /storage/innobase/handler/handler0alter.cc. (CVE-2022-32081)\n\n - MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in\n dict0dict.cc. (CVE-2022-32082)\n\n - MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component\n Item_subselect::init_expr_cache_tracker. (CVE-2022-32083)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.\n (CVE-2022-32084)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component\n Item_func_in::cleanup/Item::cleanup_processor. (CVE-2022-32085)\n\n - MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component\n Item_field::fix_outer_field. (CVE-2022-32086)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component\n Item_args::walk_args. (CVE-2022-32087)\n\n - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component\n Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. (CVE-2022-32088)\n\n - MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component\n st_select_lex_unit::exclude_level. (CVE-2022-32089)\n\n - MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at\n /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. (CVE-2022-32091)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5739-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32081\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-32091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmariadb-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmariadb-dev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmariadb3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmariadbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmariadbd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmariadbd19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-client-10.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-client-10.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-client-core-10.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-client-core-10.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-connect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-cracklib-password-check\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-gssapi-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-mroonga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-oqgraph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-rocksdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-s3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-spider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-plugin-tokudb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-server-10.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-server-10.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-server-core-10.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-server-core-10.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-test-data\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release || '22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'libmariadb-dev', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libmariadb-dev-compat', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libmariadb3', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libmariadbclient-dev', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libmariadbd-dev', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libmariadbd19', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-backup', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-client', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-client-10.3', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-client-core-10.3', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-common', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-plugin-connect', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-plugin-cracklib-password-check', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-plugin-gssapi-client', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-plugin-gssapi-server', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-plugin-mroonga', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-plugin-oqgraph', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-plugin-rocksdb', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-plugin-spider', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-plugin-tokudb', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-server', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-server-10.3', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-server-core-10.3', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-test', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'mariadb-test-data', 'pkgver': '1:10.3.37-0ubuntu0.20.04.1'},\n {'osver': '22.04', 'pkgname': 'libmariadb-dev', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libmariadb-dev-compat', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libmariadb3', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libmariadbd-dev', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libmariadbd19', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-backup', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-client', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-client-10.6', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-client-core-10.6', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-common', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-plugin-connect', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-plugin-cracklib-password-check', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-plugin-gssapi-client', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-plugin-gssapi-server', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-plugin-mroonga', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-plugin-oqgraph', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-plugin-rocksdb', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-plugin-s3', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-plugin-spider', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-server', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-server-10.6', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-server-core-10.6', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-test', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mariadb-test-data', 'pkgver': '1:10.6.11-0ubuntu0.22.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libmariadb-dev / libmariadb-dev-compat / libmariadb3 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T14:57:53", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 04fecc47-dad2-11ec-8fbd-d4c9ef517024 advisory.\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-23T00:00:00", "type": "nessus", "title": "FreeBSD : MariaDB -- Multiple vulnerabilities (04fecc47-dad2-11ec-8fbd-d4c9ef517024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458"], "modified": "2023-10-26T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mariadb103-client", "p-cpe:/a:freebsd:freebsd:mariadb103-server", "p-cpe:/a:freebsd:freebsd:mariadb104-client", "p-cpe:/a:freebsd:freebsd:mariadb104-server", "p-cpe:/a:freebsd:freebsd:mariadb105-client", "p-cpe:/a:freebsd:freebsd:mariadb105-server", "p-cpe:/a:freebsd:freebsd:mariadb106-client", "p-cpe:/a:freebsd:freebsd:mariadb106-server", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_04FECC47DAD211EC8FBDD4C9EF517024.NASL", "href": "https://www.tenable.com/plugins/nessus/161445", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161445);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/26\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\"\n );\n\n script_name(english:\"FreeBSD : MariaDB -- Multiple vulnerabilities (04fecc47-dad2-11ec-8fbd-d4c9ef517024)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 04fecc47-dad2-11ec-8fbd-d4c9ef517024 advisory.\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/security/#full-list-of-cves-fixed-in-mariadb\");\n # https://vuxml.freebsd.org/freebsd/04fecc47-dad2-11ec-8fbd-d4c9ef517024.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?198b159a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27458\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb103-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb103-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb104-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb104-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb105-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb105-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb106-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb106-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'mariadb103-client<10.3.35',\n 'mariadb103-server<10.3.35',\n 'mariadb104-client<10.4.25',\n 'mariadb104-server<10.4.25',\n 'mariadb105-client<10.5.16',\n 'mariadb105-server<10.5.16',\n 'mariadb106-client<10.6.8',\n 'mariadb106-server<10.6.8'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T14:54:36", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2189-1 advisory.\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-28T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : mariadb (SUSE-SU-2022:2189-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-21427", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmariadbd-devel", "p-cpe:/a:novell:suse_linux:libmariadbd19", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-tools", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2189-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162556", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2189-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162556);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-21427\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2189-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : mariadb (SUSE-SU-2022:2189-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2189-1 advisory.\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27458\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011363.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a54a32a0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27458\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadbd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadbd19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libmariadbd-devel-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libmariadbd19-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'mariadb-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'mariadb-client-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'mariadb-errormessages-10.4.25-150200.3.28.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'mariadb-tools-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libmariadbd-devel-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libmariadbd-devel-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'libmariadbd19-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libmariadbd19-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'mariadb-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'mariadb-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'mariadb-client-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'mariadb-client-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'mariadb-errormessages-10.4.25-150200.3.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'mariadb-tools-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'mariadb-tools-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'libmariadbd-devel-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libmariadbd-devel-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libmariadbd19-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libmariadbd19-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'mariadb-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'mariadb-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'mariadb-client-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'mariadb-client-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'mariadb-errormessages-10.4.25-150200.3.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'mariadb-tools-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'mariadb-tools-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libmariadbd-devel-10.4.25-150200.3.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'libmariadbd19-10.4.25-150200.3.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'mariadb-10.4.25-150200.3.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'mariadb-client-10.4.25-150200.3.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'mariadb-tools-10.4.25-150200.3.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libmariadbd-devel / libmariadbd19 / mariadb / mariadb-client / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T14:55:01", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2003-1 advisory.\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-08T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : mariadb (SUSE-SU-2022:2003-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-21427", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmariadbd-devel", "p-cpe:/a:novell:suse_linux:libmariadbd19", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-tools", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2003-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161945", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2003-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161945);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-21427\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2003-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : mariadb (SUSE-SU-2022:2003-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2003-1 advisory.\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27458\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011247.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7d82dace\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27458\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadbd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadbd19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libmariadbd-devel-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libmariadbd19-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'mariadb-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'mariadb-client-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'mariadb-errormessages-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'mariadb-tools-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libmariadbd-devel-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'libmariadbd19-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'mariadb-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'mariadb-client-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'mariadb-errormessages-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'mariadb-tools-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libmariadbd-devel / libmariadbd19 / mariadb / mariadb-client / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-20T16:30:29", "description": "The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5948 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "Oracle Linux 9 : galera, / mariadb, / and / mysql-selinux (ELSA-2022-5948)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:galera", "p-cpe:/a:oracle:linux:mariadb", "p-cpe:/a:oracle:linux:mariadb-backup", "p-cpe:/a:oracle:linux:mariadb-common", "p-cpe:/a:oracle:linux:mariadb-devel", "p-cpe:/a:oracle:linux:mariadb-embedded", "p-cpe:/a:oracle:linux:mariadb-embedded-devel", "p-cpe:/a:oracle:linux:mariadb-errmsg", "p-cpe:/a:oracle:linux:mariadb-gssapi-server", "p-cpe:/a:oracle:linux:mariadb-oqgraph-engine", "p-cpe:/a:oracle:linux:mariadb-pam", "p-cpe:/a:oracle:linux:mariadb-server", "p-cpe:/a:oracle:linux:mariadb-server-galera", "p-cpe:/a:oracle:linux:mariadb-server-utils", "p-cpe:/a:oracle:linux:mariadb-test", "p-cpe:/a:oracle:linux:mysql-selinux"], "id": "ORACLELINUX_ELSA-2022-5948.NASL", "href": "https://www.tenable.com/plugins/nessus/164033", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-5948.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164033);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\"\n );\n\n script_name(english:\"Oracle Linux 9 : galera, / mariadb, / and / mysql-selinux (ELSA-2022-5948)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-5948 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that\n SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that\n improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an\n unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability\n allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is\n required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The\n issue results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in\n the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows\n local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to\n exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue\n results from the lack of proper validation of a user-supplied string before using it as a format\n specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code\n in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads,\n the held lock is not released correctly, which allows local users to trigger a denial of service due to\n the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held\n lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service\n due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-5948.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-selinux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'galera-26.4.11-1.0.1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-26.4.11-1.0.1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mysql-selinux-1.0.5-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'galera / mariadb / mariadb-backup / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-19T15:01:42", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5948 advisory.\n\n - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n\n - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661)\n\n - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)\n\n - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668)\n\n - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed- length stack-based buffer (CVE-2022-24048)\n\n - mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050)\n\n - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)\n\n - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)\n\n - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n\n - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n\n - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n\n - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n\n - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n\n - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n\n - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order (CVE-2022-27382)\n\n - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n\n - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n\n - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n\n - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n\n - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n\n - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n\n - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n\n - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)\n\n - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n\n - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n\n - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n\n - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n\n - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n\n - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n\n - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)\n\n - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622, CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "RHEL 9 : galera, mariadb, and mysql-selinux (RHSA-2022:5948)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-21595", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "cpe:/o:redhat:rhel_aus:9.2", "cpe:/o:redhat:rhel_e4s:9.0", "cpe:/o:redhat:rhel_e4s:9.2", "cpe:/o:redhat:rhel_eus:9.0", "cpe:/o:redhat:rhel_eus:9.2", "p-cpe:/a:redhat:enterprise_linux:mariadb", "p-cpe:/a:redhat:enterprise_linux:mariadb-backup", "p-cpe:/a:redhat:enterprise_linux:mariadb-common", "p-cpe:/a:redhat:enterprise_linux:mariadb-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-errmsg", "p-cpe:/a:redhat:enterprise_linux:mariadb-gssapi-server", "p-cpe:/a:redhat:enterprise_linux:mariadb-oqgraph-engine", "p-cpe:/a:redhat:enterprise_linux:mariadb-pam", "p-cpe:/a:redhat:enterprise_linux:mariadb-server", "p-cpe:/a:redhat:enterprise_linux:mariadb-server-galera", "p-cpe:/a:redhat:enterprise_linux:mariadb-server-utils", "p-cpe:/a:redhat:enterprise_linux:mariadb-test"], "id": "REDHAT-RHSA-2022-5948.NASL", "href": "https://www.tenable.com/plugins/nessus/163960", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:5948. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163960);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-21595\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\"\n );\n script_xref(name:\"RHSA\", value:\"2022:5948\");\n\n script_name(english:\"RHEL 9 : galera, mariadb, and mysql-selinux (RHSA-2022:5948)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:5948 advisory.\n\n - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n\n - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused\n common table expression (CTE) (CVE-2021-46661)\n\n - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements\n (CVE-2021-46663)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value\n of aggr (CVE-2021-46664)\n\n - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations (CVE-2021-46665)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements\n (CVE-2021-46668)\n\n - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the\n BIGINT data type is used (CVE-2021-46669)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-\n length stack-based buffer (CVE-2022-24048)\n\n - mariadb: lack of validating the existence of an object prior to performing operations on the object\n (CVE-2022-24050)\n\n - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier\n (CVE-2022-24051)\n\n - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)\n\n - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n\n - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n\n - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n\n - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n\n - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n\n - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n\n - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order\n (CVE-2022-27382)\n\n - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n\n - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n\n - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n\n - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n\n - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n\n - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n\n - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n\n - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)\n\n - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n\n - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n\n - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n\n - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n\n - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n\n - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n\n - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)\n\n - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622,\n CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:5948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2049302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2069833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2076144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2076145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142862\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 89, 119, 120, 122, 400, 404, 416, 476, 617, 667, 1173);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel9/9.2/x86_64/appstream/debug',\n 'content/aus/rhel9/9.2/x86_64/appstream/os',\n 'content/aus/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel9/9.2/x86_64/baseos/debug',\n 'content/aus/rhel9/9.2/x86_64/baseos/os',\n 'content/aus/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/appstream/debug',\n 'content/e4s/rhel9/9.2/aarch64/appstream/os',\n 'content/e4s/rhel9/9.2/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/baseos/debug',\n 'content/e4s/rhel9/9.2/aarch64/baseos/os',\n 'content/e4s/rhel9/9.2/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/debug',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/os',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/debug',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/os',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/debug',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/os',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/os',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/os',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/sap/debug',\n 'content/e4s/rhel9/9.2/ppc64le/sap/os',\n 'content/e4s/rhel9/9.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/appstream/debug',\n 'content/e4s/rhel9/9.2/s390x/appstream/os',\n 'content/e4s/rhel9/9.2/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/baseos/debug',\n 'content/e4s/rhel9/9.2/s390x/baseos/os',\n 'content/e4s/rhel9/9.2/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/highavailability/debug',\n 'content/e4s/rhel9/9.2/s390x/highavailability/os',\n 'content/e4s/rhel9/9.2/s390x/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/s390x/resilientstorage/os',\n 'content/e4s/rhel9/9.2/s390x/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/sap/debug',\n 'content/e4s/rhel9/9.2/s390x/sap/os',\n 'content/e4s/rhel9/9.2/s390x/sap/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/appstream/debug',\n 'content/e4s/rhel9/9.2/x86_64/appstream/os',\n 'content/e4s/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/baseos/debug',\n 'content/e4s/rhel9/9.2/x86_64/baseos/os',\n 'content/e4s/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/debug',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/os',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/os',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/sap/debug',\n 'content/e4s/rhel9/9.2/x86_64/sap/os',\n 'content/e4s/rhel9/9.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/appstream/debug',\n 'content/eus/rhel9/9.2/aarch64/appstream/os',\n 'content/eus/rhel9/9.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/baseos/debug',\n 'content/eus/rhel9/9.2/aarch64/baseos/os',\n 'content/eus/rhel9/9.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/os',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/highavailability/debug',\n 'content/eus/rhel9/9.2/aarch64/highavailability/os',\n 'content/eus/rhel9/9.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/supplementary/debug',\n 'content/eus/rhel9/9.2/aarch64/supplementary/os',\n 'content/eus/rhel9/9.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/appstream/debug',\n 'content/eus/rhel9/9.2/ppc64le/appstream/os',\n 'content/eus/rhel9/9.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/baseos/debug',\n 'content/eus/rhel9/9.2/ppc64le/baseos/os',\n 'content/eus/rhel9/9.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/debug',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/os',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/sap/debug',\n 'content/eus/rhel9/9.2/ppc64le/sap/os',\n 'content/eus/rhel9/9.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/debug',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/os',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/appstream/debug',\n 'content/eus/rhel9/9.2/s390x/appstream/os',\n 'content/eus/rhel9/9.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/baseos/debug',\n 'content/eus/rhel9/9.2/s390x/baseos/os',\n 'content/eus/rhel9/9.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/codeready-builder/debug',\n 'content/eus/rhel9/9.2/s390x/codeready-builder/os',\n 'content/eus/rhel9/9.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/highavailability/debug',\n 'content/eus/rhel9/9.2/s390x/highavailability/os',\n 'content/eus/rhel9/9.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/resilientstorage/debug',\n 'content/eus/rhel9/9.2/s390x/resilientstorage/os',\n 'content/eus/rhel9/9.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/sap/debug',\n 'content/eus/rhel9/9.2/s390x/sap/os',\n 'content/eus/rhel9/9.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/supplementary/debug',\n 'content/eus/rhel9/9.2/s390x/supplementary/os',\n 'content/eus/rhel9/9.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/appstream/debug',\n 'content/eus/rhel9/9.2/x86_64/appstream/os',\n 'content/eus/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/baseos/debug',\n 'content/eus/rhel9/9.2/x86_64/baseos/os',\n 'content/eus/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/os',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/highavailability/debug',\n 'content/eus/rhel9/9.2/x86_64/highavailability/os',\n 'content/eus/rhel9/9.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/os',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/os',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/sap/debug',\n 'content/eus/rhel9/9.2/x86_64/sap/os',\n 'content/eus/rhel9/9.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/supplementary/debug',\n 'content/eus/rhel9/9.2/x86_64/supplementary/os',\n 'content/eus/rhel9/9.2/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'mariadb-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel9/9/aarch64/appstream/debug',\n 'content/dist/rhel9/9/aarch64/appstream/os',\n 'content/dist/rhel9/9/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/baseos/debug',\n 'content/dist/rhel9/9/aarch64/baseos/os',\n 'content/dist/rhel9/9/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/codeready-builder/debug',\n 'content/dist/rhel9/9/aarch64/codeready-builder/os',\n 'content/dist/rhel9/9/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/highavailability/debug',\n 'content/dist/rhel9/9/aarch64/highavailability/os',\n 'content/dist/rhel9/9/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/supplementary/debug',\n 'content/dist/rhel9/9/aarch64/supplementary/os',\n 'content/dist/rhel9/9/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/appstream/debug',\n 'content/dist/rhel9/9/ppc64le/appstream/os',\n 'content/dist/rhel9/9/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/baseos/debug',\n 'content/dist/rhel9/9/ppc64le/baseos/os',\n 'content/dist/rhel9/9/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/debug',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/os',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/highavailability/debug',\n 'content/dist/rhel9/9/ppc64le/highavailability/os',\n 'content/dist/rhel9/9/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/debug',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/os',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/debug',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/os',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap/debug',\n 'content/dist/rhel9/9/ppc64le/sap/os',\n 'content/dist/rhel9/9/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/supplementary/debug',\n 'content/dist/rhel9/9/ppc64le/supplementary/os',\n 'content/dist/rhel9/9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/s390x/appstream/debug',\n 'content/dist/rhel9/9/s390x/appstream/os',\n 'content/dist/rhel9/9/s390x/appstream/source/SRPMS',\n 'content/dist/rhel9/9/s390x/baseos/debug',\n 'content/dist/rhel9/9/s390x/baseos/os',\n 'content/dist/rhel9/9/s390x/baseos/source/SRPMS',\n 'content/dist/rhel9/9/s390x/codeready-builder/debug',\n 'content/dist/rhel9/9/s390x/codeready-builder/os',\n 'content/dist/rhel9/9/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/s390x/highavailability/debug',\n 'content/dist/rhel9/9/s390x/highavailability/os',\n 'content/dist/rhel9/9/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/s390x/resilientstorage/debug',\n 'content/dist/rhel9/9/s390x/resilientstorage/os',\n 'content/dist/rhel9/9/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/s390x/sap/debug',\n 'content/dist/rhel9/9/s390x/sap/os',\n 'content/dist/rhel9/9/s390x/sap/source/SRPMS',\n 'content/dist/rhel9/9/s390x/supplementary/debug',\n 'content/dist/rhel9/9/s390x/supplementary/os',\n 'content/dist/rhel9/9/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/appstream/debug',\n 'content/dist/rhel9/9/x86_64/appstream/os',\n 'content/dist/rhel9/9/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/baseos/debug',\n 'content/dist/rhel9/9/x86_64/baseos/os',\n 'content/dist/rhel9/9/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/codeready-builder/debug',\n 'content/dist/rhel9/9/x86_64/codeready-builder/os',\n 'content/dist/rhel9/9/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/highavailability/debug',\n 'content/dist/rhel9/9/x86_64/highavailability/os',\n 'content/dist/rhel9/9/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/nfv/debug',\n 'content/dist/rhel9/9/x86_64/nfv/os',\n 'content/dist/rhel9/9/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/resilientstorage/debug',\n 'content/dist/rhel9/9/x86_64/resilientstorage/os',\n 'content/dist/rhel9/9/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/rt/debug',\n 'content/dist/rhel9/9/x86_64/rt/os',\n 'content/dist/rhel9/9/x86_64/rt/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap-solutions/debug',\n 'content/dist/rhel9/9/x86_64/sap-solutions/os',\n 'content/dist/rhel9/9/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap/debug',\n 'content/dist/rhel9/9/x86_64/sap/os',\n 'content/dist/rhel9/9/x86_64/sap/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/supplementary/debug',\n 'content/dist/rhel9/9/x86_64/supplementary/os',\n 'content/dist/rhel9/9/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'mariadb-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel9/9.0/aarch64/appstream/debug',\n 'content/e4s/rhel9/9.0/aarch64/appstream/os',\n 'content/e4s/rhel9/9.0/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/aarch64/baseos/debug',\n 'content/e4s/rhel9/9.0/aarch64/baseos/os',\n 'content/e4s/rhel9/9.0/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/debug',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/os',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/appstream/debug',\n 'content/e4s/rhel9/9.0/ppc64le/appstream/os',\n 'content/e4s/rhel9/9.0/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/baseos/debug',\n 'content/e4s/rhel9/9.0/ppc64le/baseos/os',\n 'content/e4s/rhel9/9.0/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/highavailability/debug',\n 'content/e4s/rhel9/9.0/ppc64le/highavailability/os',\n 'content/e4s/rhel9/9.0/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/ppc64le/resilientstorage/os',\n 'content/e4s/rhel9/9.0/ppc64le/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel9/9.0/ppc64le/sap-solutions/os',\n 'content/e4s/rhel9/9.0/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/sap/debug',\n 'content/e4s/rhel9/9.0/ppc64le/sap/os',\n 'content/e4s/rhel9/9.0/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/appstream/debug',\n 'content/e4s/rhel9/9.0/s390x/appstream/os',\n 'content/e4s/rhel9/9.0/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/baseos/debug',\n 'content/e4s/rhel9/9.0/s390x/baseos/os',\n 'content/e4s/rhel9/9.0/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/highavailability/debug',\n 'content/e4s/rhel9/9.0/s390x/highavailability/os',\n 'content/e4s/rhel9/9.0/s390x/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/os',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/sap/debug',\n 'content/e4s/rhel9/9.0/s390x/sap/os',\n 'content/e4s/rhel9/9.0/s390x/sap/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/appstream/debug',\n 'content/e4s/rhel9/9.0/x86_64/appstream/os',\n 'content/e4s/rhel9/9.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/baseos/debug',\n 'content/e4s/rhel9/9.0/x86_64/baseos/os',\n 'content/e4s/rhel9/9.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/debug',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/os',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/nfv/debug',\n 'content/e4s/rhel9/9.0/x86_64/nfv/os',\n 'content/e4s/rhel9/9.0/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/os',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/rt/debug',\n 'content/e4s/rhel9/9.0/x86_64/rt/os',\n 'content/e4s/rhel9/9.0/x86_64/rt/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/sap/debug',\n 'content/e4s/rhel9/9.0/x86_64/sap/os',\n 'content/e4s/rhel9/9.0/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/appstream/debug',\n 'content/eus/rhel9/9.0/aarch64/appstream/os',\n 'content/eus/rhel9/9.0/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/baseos/debug',\n 'content/eus/rhel9/9.0/aarch64/baseos/os',\n 'content/eus/rhel9/9.0/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/debug',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/os',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/highavailability/debug',\n 'content/eus/rhel9/9.0/aarch64/highavailability/os',\n 'content/eus/rhel9/9.0/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/supplementary/debug',\n 'content/eus/rhel9/9.0/aarch64/supplementary/os',\n 'content/eus/rhel9/9.0/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/appstream/debug',\n 'content/eus/rhel9/9.0/ppc64le/appstream/os',\n 'content/eus/rhel9/9.0/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/baseos/debug',\n 'content/eus/rhel9/9.0/ppc64le/baseos/os',\n 'content/eus/rhel9/9.0/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/codeready-builder/debug',\n 'content/eus/rhel9/9.0/ppc64le/codeready-builder/os',\n 'content/eus/rhel9/9.0/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/highavailability/debug',\n 'content/eus/rhel9/9.0/ppc64le/highavailability/os',\n 'content/eus/rhel9/9.0/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/resilientstorage/debug',\n 'content/eus/rhel9/9.0/ppc64le/resilientstorage/os',\n 'content/eus/rhel9/9.0/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/sap-solutions/debug',\n 'content/eus/rhel9/9.0/ppc64le/sap-solutions/os',\n 'content/eus/rhel9/9.0/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/sap/debug',\n 'content/eus/rhel9/9.0/ppc64le/sap/os',\n 'content/eus/rhel9/9.0/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/supplementary/debug',\n 'content/eus/rhel9/9.0/ppc64le/supplementary/os',\n 'content/eus/rhel9/9.0/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/appstream/debug',\n 'content/eus/rhel9/9.0/s390x/appstream/os',\n 'content/eus/rhel9/9.0/s390x/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/baseos/debug',\n 'content/eus/rhel9/9.0/s390x/baseos/os',\n 'content/eus/rhel9/9.0/s390x/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/debug',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/os',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/highavailability/debug',\n 'content/eus/rhel9/9.0/s390x/highavailability/os',\n 'content/eus/rhel9/9.0/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/debug',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/os',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/sap/debug',\n 'content/eus/rhel9/9.0/s390x/sap/os',\n 'content/eus/rhel9/9.0/s390x/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/supplementary/debug',\n 'content/eus/rhel9/9.0/s390x/supplementary/os',\n 'content/eus/rhel9/9.0/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/appstream/debug',\n 'content/eus/rhel9/9.0/x86_64/appstream/os',\n 'content/eus/rhel9/9.0/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/baseos/debug',\n 'content/eus/rhel9/9.0/x86_64/baseos/os',\n 'content/eus/rhel9/9.0/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/debug',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/os',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/highavailability/debug',\n 'content/eus/rhel9/9.0/x86_64/highavailability/os',\n 'content/eus/rhel9/9.0/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/debug',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/os',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/debug',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/os',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/sap/debug',\n 'content/eus/rhel9/9.0/x86_64/sap/os',\n 'content/eus/rhel9/9.0/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/supplementary/debug',\n 'content/eus/rhel9/9.0/x86_64/supplementary/os',\n 'content/eus/rhel9/9.0/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'mariadb-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mariadb / mariadb-backup / mariadb-common / mariadb-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-03T21:45:44", "description": "The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5948 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "AlmaLinux 9 : galera, mariadb, and mysql-selinux (ALSA-2022:5948)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623"], "modified": "2023-10-03T00:00:00", "cpe": ["p-cpe:/a:alma:linux:mariadb", "p-cpe:/a:alma:linux:mariadb-backup", "p-cpe:/a:alma:linux:mariadb-common", "p-cpe:/a:alma:linux:mariadb-devel", "p-cpe:/a:alma:linux:mariadb-embedded", "p-cpe:/a:alma:linux:mariadb-embedded-devel", "p-cpe:/a:alma:linux:mariadb-errmsg", "p-cpe:/a:alma:linux:mariadb-gssapi-server", "p-cpe:/a:alma:linux:mariadb-oqgraph-engine", "p-cpe:/a:alma:linux:mariadb-pam", "p-cpe:/a:alma:linux:mariadb-server", "p-cpe:/a:alma:linux:mariadb-server-galera", "p-cpe:/a:alma:linux:mariadb-server-utils", "p-cpe:/a:alma:linux:mariadb-test", "cpe:/o:alma:linux:9", "cpe:/o:alma:linux:9::appstream", "cpe:/o:alma:linux:9::crb"], "id": "ALMA_LINUX_ALSA-2022-5948.NASL", "href": "https://www.tenable.com/plugins/nessus/167668", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:5948.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167668);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/03\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"

Amazon Linux 2023 : mariadb105, mariadb105-backup, mariadb105-common (ALAS2023-2023-037)

Description

Related