EulerOS 2.0 SP8 : mariadb (EulerOS-SA-2022-2227)

2022-08-17T00:00:00

Description

According to the versions of the mariadb packages installed, the EulerOS installation - save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was (CVE-2022-27384) - An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when (CVE-2022-31621) - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_a Note that Tenable Network Security has extracted the preceding description block directly from the on the remote host is affected by the following vulnerabilities : handling of with_window_func=true for a subquery. (CVE-2021-46658) conjunction with a nested subquery. (CVE-2021-46662) allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378) allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380) attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381) my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383) discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27385) sql/sql_class.cc. (CVE-2022-27386) decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387) sql/sql_window.cc. (CVE-2022-27445) == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448) my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455) my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457) an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31622) an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31623) udit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624) EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

{"id": "EULEROS_SA-2022-2227.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS 2.0 SP8 : mariadb (EulerOS-SA-2022-2227)", "description": "According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. (CVE-2021-46658)\n\n - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. (CVE-2021-46662)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27385)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n (CVE-2022-31621)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31623)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2022-08-17T00:00:00", "modified": "2023-10-13T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/164205", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31623", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27384", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27381", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46662", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27448", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27445", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31624", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27387", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27383", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27380", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31621", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27455", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27385", "http://www.nessus.org/u?2df561b8", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27386", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27378", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27457", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31622", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46658"], "cvelist": ["CVE-2021-46658", "CVE-2021-46662", "CVE-2022-27378", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27385", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27445", "CVE-2022-27448", "CVE-2022-27455", "CVE-2022-27457", "CVE-2022-31621", "CVE-2022-31622", "CVE-2022-31623", "CVE-2022-31624"], "immutableFields": [], "lastseen": "2023-10-15T15:04:43", "viewCount": 58, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:1556", "ALSA-2022:1557", "ALSA-2022:5826", "ALSA-2022:5948", "ALSA-2022:6443"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-46662", "ALPINE:CVE-2022-27378", "ALPINE:CVE-2022-27380", "ALPINE:CVE-2022-27381", "ALPINE:CVE-2022-27383", "ALPINE:CVE-2022-27384", "ALPINE:CVE-2022-27385", "ALPINE:CVE-2022-27386", "ALPINE:CVE-2022-27387", "ALPINE:CVE-2022-27445", "ALPINE:CVE-2022-27448", "ALPINE:CVE-2022-27455", "ALPINE:CVE-2022-27457", "ALPINE:CVE-2022-31621", "ALPINE:CVE-2022-31622", "ALPINE:CVE-2022-31623", "ALPINE:CVE-2022-31624"]}, {"type": "amazon", "idList": ["ALAS2-2023-2057"]}, {"type": "cnvd", "idList": ["CNVD-2022-64999", "CNVD-2022-65004", "CNVD-2022-65005", "CNVD-2022-65006", "CNVD-2022-65007", "CNVD-2022-65008", "CNVD-2022-65010", "CNVD-2022-65342", "CNVD-2022-65343", "CNVD-2022-65344", "CNVD-2022-65345"]}, {"type": "cve", "idList": ["CVE-2021-46658", "CVE-2021-46662", "CVE-2022-27378", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27385", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27445", "CVE-2022-27448", "CVE-2022-27455", "CVE-2022-27457", "CVE-2022-31621", "CVE-2022-31622", "CVE-2022-31623", "CVE-2022-31624"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3114-1:9A50E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-46658", "DEBIANCVE:CVE-2021-46662", "DEBIANCVE:CVE-2022-27378", "DEBIANCVE:CVE-2022-27380", "DEBIANCVE:CVE-2022-27381", "DEBIANCVE:CVE-2022-27383", "DEBIANCVE:CVE-2022-27384", "DEBIANCVE:CVE-2022-27385", "DEBIANCVE:CVE-2022-27386", "DEBIANCVE:CVE-2022-27387", "DEBIANCVE:CVE-2022-27445", "DEBIANCVE:CVE-2022-27448", "DEBIANCVE:CVE-2022-27455", "DEBIANCVE:CVE-2022-27457", "DEBIANCVE:CVE-2022-31621", "DEBIANCVE:CVE-2022-31622", "DEBIANCVE:CVE-2022-31623", "DEBIANCVE:CVE-2022-31624"]}, {"type": "freebsd", "idList": ["04FECC47-DAD2-11EC-8FBD-D4C9EF517024"]}, {"type": "ibm", "idList": ["5BE52962678849208DBB78075A36D8D5B485DEC707628BB3A9D37D4AA01BC678"]}, {"type": "mageia", "idList": ["MGASA-2022-0215"]}, {"type": "mariadbunix", "idList": ["MARIA:CVE-2021-46658", "MARIA:CVE-2021-46662", "MARIA:CVE-2022-27378", "MARIA:CVE-2022-27380", "MARIA:CVE-2022-27381", "MARIA:CVE-2022-27383", "MARIA:CVE-2022-27384", "MARIA:CVE-2022-27385", "MARIA:CVE-2022-27386", "MARIA:CVE-2022-27387", "MARIA:CVE-2022-27445", "MARIA:CVE-2022-27448", "MARIA:CVE-2022-27455", "MARIA:CVE-2022-27457", "MARIA:CVE-2022-31624", "MARIA:USN-5739-1"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-182.NASL", "AL2023_ALAS2023-2023-037.NASL", "AL2023_ALAS2023-2023-155.NASL", "AL2_ALAS-2023-2057.NASL", "AL2_ALASMARIADB10_5-2023-003.NASL", "ALMA_LINUX_ALSA-2022-5826.NASL", "ALMA_LINUX_ALSA-2022-5948.NASL", "ALMA_LINUX_ALSA-2022-6443.NASL", "CENTOS8_RHSA-2022-1557.NASL", "CENTOS8_RHSA-2022-5826.NASL", "DEBIAN_DLA-3114.NASL", "EULEROS_SA-2022-1543.NASL", "EULEROS_SA-2022-1746.NASL", "EULEROS_SA-2022-2275.NASL", "EULEROS_SA-2022-2518.NASL", "EULEROS_SA-2022-2573.NASL", "EULEROS_SA-2022-2624.NASL", "EULEROS_SA-2023-1071.NASL", "EULEROS_SA-2023-1274.NASL", "EULEROS_SA-2023-1704.NASL", "FREEBSD_PKG_04FECC47DAD211EC8FBDD4C9EF517024.NASL", "MARIADB_10_2_39.NASL", "MARIADB_10_2_40.NASL", "MARIADB_10_2_41.NASL", "MARIADB_10_2_44.NASL", "MARIADB_10_3_30.NASL", "MARIADB_10_3_32.NASL", "MARIADB_10_3_35.NASL", "MARIADB_10_4_20.NASL", "MARIADB_10_4_21.NASL", "MARIADB_10_4_22.NASL", "MARIADB_10_4_25.NASL", "MARIADB_10_4_26.NASL", "MARIADB_10_5_11.NASL", "MARIADB_10_5_12.NASL", "MARIADB_10_5_13.NASL", "MARIADB_10_5_16.NASL", "MARIADB_10_6_3.NASL", "MARIADB_10_6_5.NASL", "MARIADB_10_6_8.NASL", "MARIADB_10_7_4.NASL", "MARINER_MARIADB_CVE-2022-27378.NASL", "MARINER_MARIADB_CVE-2022-27380.NASL", "MARINER_MARIADB_CVE-2022-27381.NASL", "MARINER_MARIADB_CVE-2022-27383.NASL", "MARINER_MARIADB_CVE-2022-27384.NASL", "MARINER_MARIADB_CVE-2022-27385.NASL", "MARINER_MARIADB_CVE-2022-27386.NASL", "MARINER_MARIADB_CVE-2022-27387.NASL", "MARINER_MARIADB_CVE-2022-27445.NASL", "MARINER_MARIADB_CVE-2022-27448.NASL", "MARINER_MARIADB_CVE-2022-27457.NASL", "MARINER_MARIADB_CVE-2022-31621.NASL", "MARINER_MARIADB_CVE-2022-31622.NASL", "MARINER_MARIADB_CVE-2022-31623.NASL", "MARINER_MARIADB_CVE-2022-31624.NASL", "OPENSUSE-2022-0731-1.NASL", "ORACLELINUX_ELSA-2022-1556.NASL", "ORACLELINUX_ELSA-2022-1557.NASL", "ORACLELINUX_ELSA-2022-5826.NASL", "ORACLELINUX_ELSA-2022-5948.NASL", "ORACLELINUX_ELSA-2022-6443.NASL", "REDHAT-RHSA-2022-1007.NASL", "REDHAT-RHSA-2022-1010.NASL", "REDHAT-RHSA-2022-1556.NASL", "REDHAT-RHSA-2022-1557.NASL", "REDHAT-RHSA-2022-4818.NASL", "REDHAT-RHSA-2022-5759.NASL", "REDHAT-RHSA-2022-5826.NASL", "REDHAT-RHSA-2022-5948.NASL", "REDHAT-RHSA-2022-6306.NASL", "REDHAT-RHSA-2022-6443.NASL", "SLACKWARE_SSA_2022-141-01.NASL", "SUSE_SU-2022-0725-1.NASL", "SUSE_SU-2022-0726-1.NASL", "SUSE_SU-2022-0731-1.NASL", "SUSE_SU-2022-0731-2.NASL", "SUSE_SU-2022-0782-1.NASL", "SUSE_SU-2022-2003-1.NASL", "SUSE_SU-2022-2107-1.NASL", "SUSE_SU-2022-2160-1.NASL", "SUSE_SU-2022-2189-1.NASL", "SUSE_SU-2022-2561-1.NASL", "UBUNTU_USN-5739-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-1556", "ELSA-2022-1557", "ELSA-2022-5826", "ELSA-2022-5948", "ELSA-2022-6443"]}, {"type": "osv", "idList": ["OSV:CVE-2022-27378", "OSV:CVE-2022-27380", "OSV:CVE-2022-27448", "OSV:CVE-2022-31621", "OSV:CVE-2022-31622", "OSV:CVE-2022-31623", "OSV:CVE-2022-31624", "OSV:DLA-3114-1"]}, {"type": "photon", "idList": ["PHSA-2022-0361", "PHSA-2022-0399", "PHSA-2022-0439", "PHSA-2022-0469", "PHSA-2022-0479", "PHSA-2022-3.0-0361", "PHSA-2022-3.0-0399"]}, {"type": "prion", "idList": ["PRION:CVE-2021-46658", "PRION:CVE-2021-46662", "PRION:CVE-2022-27378", "PRION:CVE-2022-27380", "PRION:CVE-2022-27381", "PRION:CVE-2022-27383", "PRION:CVE-2022-27384", "PRION:CVE-2022-27385", "PRION:CVE-2022-27386", "PRION:CVE-2022-27387", "PRION:CVE-2022-27445", "PRION:CVE-2022-27448", "PRION:CVE-2022-27455", "PRION:CVE-2022-27457", "PRION:CVE-2022-31621", "PRION:CVE-2022-31622", "PRION:CVE-2022-31623", "PRION:CVE-2022-31624"]}, {"type": "redhat", "idList": ["RHSA-2022:1007", "RHSA-2022:1010", "RHSA-2022:1556", "RHSA-2022:1557", "RHSA-2022:4818", "RHSA-2022:5759", "RHSA-2022:5826", "RHSA-2022:5948", "RHSA-2022:6306", "RHSA-2022:6443"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-46658", "RH:CVE-2021-46662", "RH:CVE-2022-27378", "RH:CVE-2022-27380", "RH:CVE-2022-27381", "RH:CVE-2022-27383", "RH:CVE-2022-27384", "RH:CVE-2022-27385", "RH:CVE-2022-27386", "RH:CVE-2022-27387", "RH:CVE-2022-27445", "RH:CVE-2022-27448", "RH:CVE-2022-27455", "RH:CVE-2022-27457", "RH:CVE-2022-31621", "RH:CVE-2022-31622", "RH:CVE-2022-31623", "RH:CVE-2022-31624"]}, {"type": "rocky", "idList": ["RLSA-2022:1556", "RLSA-2022:1557", "RLSA-2022:5826", "RLSA-2022:5948", "RLSA-2022:6443"]}, {"type": "slackware", "idList": ["SSA-2022-141-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0725-1", "OPENSUSE-SU-2022:0726-1", "OPENSUSE-SU-2022:0731-1", "SUSE-SU-2022:0731-2", "SUSE-SU-2022:2003-1", "SUSE-SU-2022:2107-1", "SUSE-SU-2022:2561-1"]}, {"type": "ubuntu", "idList": ["USN-5739-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-46658", "UB:CVE-2021-46662", "UB:CVE-2022-27378", "UB:CVE-2022-27380", "UB:CVE-2022-27381", "UB:CVE-2022-27383", "UB:CVE-2022-27384", "UB:CVE-2022-27385", "UB:CVE-2022-27386", "UB:CVE-2022-27387", "UB:CVE-2022-27445", "UB:CVE-2022-27448", "UB:CVE-2022-27455", "UB:CVE-2022-27457", "UB:CVE-2022-31621", "UB:CVE-2022-31622", "UB:CVE-2022-31623", "UB:CVE-2022-31624"]}, {"type": "veracode", "idList": ["VERACODE:34745", "VERACODE:35683", "VERACODE:35685", "VERACODE:35694", "VERACODE:35699", "VERACODE:35723", "VERACODE:35724", "VERACODE:35725", "VERACODE:35726", "VERACODE:35728", "VERACODE:35729", "VERACODE:35732", "VERACODE:35823", "VERACODE:35865", "VERACODE:36079", "VERACODE:36080", "VERACODE:36454", "VERACODE:36455"]}]}, "score": {"value": 7.8, "vector": "NONE"}, "epss": [{"cve": "CVE-2021-46658", "epss": 0.00042, "percentile": 0.05657, "modified": "2023-05-01"}, {"cve": "CVE-2021-46662", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-27378", "epss": 0.00082, "percentile": 0.33559, "modified": "2023-05-02"}, {"cve": "CVE-2022-27380", "epss": 0.00082, "percentile": 0.33559, "modified": "2023-05-02"}, {"cve": "CVE-2022-27381", "epss": 0.00082, "percentile": 0.33559, "modified": "2023-05-02"}, {"cve": "CVE-2022-27383", "epss": 0.00068, "percentile": 0.27922, "modified": "2023-05-02"}, {"cve": "CVE-2022-27384", "epss": 0.00082, "percentile": 0.33559, "modified": "2023-05-02"}, {"cve": "CVE-2022-27385", "epss": 0.00063, "percentile": 0.2506, "modified": "2023-05-02"}, {"cve": "CVE-2022-27386", "epss": 0.00082, "percentile": 0.33559, "modified": "2023-05-02"}, {"cve": "CVE-2022-27387", "epss": 0.00066, "percentile": 0.26925, "modified": "2023-05-02"}, {"cve": "CVE-2022-27445", "epss": 0.00068, "percentile": 0.27922, "modified": "2023-05-02"}, {"cve": "CVE-2022-27448", "epss": 0.00068, "percentile": 0.27839, "modified": "2023-05-02"}, {"cve": "CVE-2022-27455", "epss": 0.00068, "percentile": 0.27771, "modified": "2023-05-02"}, {"cve": "CVE-2022-27457", "epss": 0.00068, "percentile": 0.27771, "modified": "2023-05-02"}, {"cve": "CVE-2022-31621", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-31622", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-31623", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-31624", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}], "vulnersScore": 7.8}, "_state": {"dependencies": 1697382372, "score": 1698852299, "epss": 0}, "_internal": {"score_hash": "8ac91ec773bffc8ffc9a524d53c8b1cb"}, "pluginID": "164205", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164205);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/13\");\n\n script_cve_id(\n \"CVE-2021-46658\",\n \"CVE-2021-46662\",\n \"CVE-2022-27378\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27385\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27445\",\n \"CVE-2022-27448\",\n \"CVE-2022-27455\",\n \"CVE-2022-27457\",\n \"CVE-2022-31621\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\",\n \"CVE-2022-31624\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : mariadb (EulerOS-SA-2022-2227)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect\n handling of with_window_func=true for a subquery. (CVE-2021-46658)\n\n - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in\n conjunction with a nested subquery. (CVE-2021-46662)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server\n v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted\n SQL statements. (CVE-2022-27385)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when\n an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock\n is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n (CVE-2022-31621)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads,\n the held lock is not released correctly, which allows local users to trigger a denial of service due to\n the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held\n lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service\n due to the deadlock. (CVE-2022-31623)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the\n plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released\n correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2227\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2df561b8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mariadb packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27457\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"mariadb-10.3.9-2.h6.eulerosv2r8\",\n \"mariadb-common-10.3.9-2.h6.eulerosv2r8\",\n \"mariadb-devel-10.3.9-2.h6.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:mariadb", "p-cpe:/a:huawei:euleros:mariadb-common", "p-cpe:/a:huawei:euleros:mariadb-devel", "cpe:/o:huawei:euleros:2.0"], "solution": "Update the affected mariadb packages.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2022-27457", "vendor_cvss2": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "vendor_cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "vpr": {"risk factor": "Medium", "score": "4.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-08-17T00:00:00", "vulnerabilityPublicationDate": "2022-01-29T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2023-10-15T15:05:07", "description": "According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-08-17T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : mariadb (EulerOS-SA-2022-2275)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-27383", "CVE-2022-27386", "CVE-2022-27455", "CVE-2022-27457", "CVE-2022-31624"], "modified": "2023-10-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:mariadb", "p-cpe:/a:huawei:euleros:mariadb-bench", "p-cpe:/a:huawei:euleros:mariadb-devel", "p-cpe:/a:huawei:euleros:mariadb-libs", "p-cpe:/a:huawei:euleros:mariadb-server", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2275.NASL", "href": "https://www.tenable.com/plugins/nessus/164216", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164216);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/13\");\n\n script_cve_id(\n \"CVE-2022-27383\",\n \"CVE-2022-27386\",\n \"CVE-2022-27455\",\n \"CVE-2022-27457\",\n \"CVE-2022-31624\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : mariadb (EulerOS-SA-2022-2275)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the\n plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released\n correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2275\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a868fc10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mariadb packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27457\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"mariadb-5.5.66-1.h6.eulerosv2r7\",\n \"mariadb-bench-5.5.66-1.h6.eulerosv2r7\",\n \"mariadb-devel-5.5.66-1.h6.eulerosv2r7\",\n \"mariadb-libs-5.5.66-1.h6.eulerosv2r7\",\n \"mariadb-server-5.5.66-1.h6.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-16T14:54:25", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2160-1 advisory.\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-24T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : mariadb (SUSE-SU-2022:2160-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-21427", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27445"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-tools", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-2160-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162520", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2160-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162520);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-21427\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27445\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2160-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : mariadb (SUSE-SU-2022:2160-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2160-1 advisory.\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27445\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011337.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?26ac9774\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mariadb, mariadb-client, mariadb-errormessages and / or mariadb-tools packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27445\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'mariadb-10.2.44-3.50.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'mariadb-client-10.2.44-3.50.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'mariadb-errormessages-10.2.44-3.50.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'mariadb-tools-10.2.44-3.50.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'mariadb-10.2.44-3.50.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'mariadb-client-10.2.44-3.50.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'mariadb-errormessages-10.2.44-3.50.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'mariadb-tools-10.2.44-3.50.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'mariadb-10.2.44-3.50.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'mariadb-client-10.2.44-3.50.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'mariadb-errormessages-10.2.44-3.50.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'mariadb-tools-10.2.44-3.50.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'mariadb-10.2.44-3.50.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'mariadb-client-10.2.44-3.50.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'mariadb-errormessages-10.2.44-3.50.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'mariadb-tools-10.2.44-3.50.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mariadb / mariadb-client / mariadb-errormessages / mariadb-tools');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-25T17:51:07", "description": "According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. (CVE-2021-27928)\n\n - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657)\n\n - save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. (CVE-2021-46658)\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. (CVE-2021-46662)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\n\n - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666)\n\n - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27385)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n (CVE-2022-31621)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31623)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-10-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : mariadb (EulerOS-SA-2022-2573)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-27928", "CVE-2021-46657", "CVE-2021-46658", "CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46662", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46666", "CVE-2021-46667", "CVE-2021-46668", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27385", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27445", "CVE-2022-27448", "CVE-2022-27455", "CVE-2022-27457", "CVE-2022-31621", "CVE-2022-31622", "CVE-2022-31623", "CVE-2022-31624"], "modified": "2022-10-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:mariadb", "p-cpe:/a:huawei:euleros:mariadb-common", "p-cpe:/a:huawei:euleros:mariadb-devel", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2022-2573.NASL", "href": "https://www.tenable.com/plugins/nessus/165956", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165956);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/11\");\n\n script_cve_id(\n \"CVE-2021-27928\",\n \"CVE-2021-46657\",\n \"CVE-2021-46658\",\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46662\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46666\",\n \"CVE-2021-46667\",\n \"CVE-2021-46668\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27385\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27445\",\n \"CVE-2022-27448\",\n \"CVE-2022-27455\",\n \"CVE-2022-27457\",\n \"CVE-2022-31621\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\",\n \"CVE-2022-31624\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : mariadb (EulerOS-SA-2022-2573)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4\n before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through\n 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can\n execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an\n Oracle product. (CVE-2021-27928)\n\n - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER\n BY. (CVE-2021-46657)\n\n - save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect\n handling of with_window_func=true for a subquery. (CVE-2021-46658)\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that\n SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an\n unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in\n conjunction with a nested subquery. (CVE-2021-46662)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations. (CVE-2021-46665)\n\n - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING\n clause to a WHERE clause. (CVE-2021-46666)\n\n - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that\n improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server\n v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted\n SQL statements. (CVE-2022-27385)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when\n an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock\n is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n (CVE-2022-31621)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads,\n the held lock is not released correctly, which allows local users to trigger a denial of service due to\n the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held\n lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service\n due to the deadlock. (CVE-2022-31623)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the\n plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released\n correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2573\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8ea50428\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mariadb packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27928\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"mariadb-10.3.9-2.h6.eulerosv2r8\",\n \"mariadb-common-10.3.9-2.h6.eulerosv2r8\",\n \"mariadb-devel-10.3.9-2.h6.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T15:10:36", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2107-1 advisory.\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-17T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : mariadb (SUSE-SU-2022:2107-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-21427", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27445"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmysqld-devel", "p-cpe:/a:novell:suse_linux:libmysqld19", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-tools", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2107-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162380", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2107-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162380);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-21427\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27445\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2107-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : mariadb (SUSE-SU-2022:2107-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2107-1 advisory.\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27445\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011306.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?48502095\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27445\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP0/1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libmysqld-devel-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libmysqld19-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'mariadb-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'mariadb-client-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'mariadb-errormessages-10.2.44-150000.3.54.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'mariadb-tools-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libmysqld-devel-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libmysqld19-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'mariadb-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'mariadb-client-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'mariadb-errormessages-10.2.44-150000.3.54.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'mariadb-tools-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libmysqld-devel-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libmysqld-devel-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libmysqld19-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libmysqld19-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'mariadb-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'mariadb-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'mariadb-client-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'mariadb-client-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'mariadb-errormessages-10.2.44-150000.3.54.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'mariadb-tools-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'mariadb-tools-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libmysqld-devel-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libmysqld-devel-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libmysqld-devel-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libmysqld-devel-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libmysqld19-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libmysqld19-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libmysqld19-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libmysqld19-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'mariadb-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'mariadb-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'mariadb-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'mariadb-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'mariadb-client-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'mariadb-client-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'mariadb-client-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'mariadb-client-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'mariadb-errormessages-10.2.44-150000.3.54.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'mariadb-errormessages-10.2.44-150000.3.54.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'mariadb-tools-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'mariadb-tools-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'mariadb-tools-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'mariadb-tools-10.2.44-150000.3.54.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libmysqld-devel-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libmysqld-devel-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libmysqld19-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libmysqld19-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'mariadb-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'mariadb-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'mariadb-client-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'mariadb-client-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'mariadb-errormessages-10.2.44-150000.3.54.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'mariadb-tools-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'mariadb-tools-10.2.44-150000.3.54.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libmysqld-devel-10.2.44-150000.3.54.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libmysqld19-10.2.44-150000.3.54.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'mariadb-10.2.44-150000.3.54.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'mariadb-client-10.2.44-150000.3.54.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'mariadb-tools-10.2.44-150000.3.54.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libmysqld-devel-10.2.44-150000.3.54.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libmysqld19-10.2.44-150000.3.54.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'mariadb-10.2.44-150000.3.54.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'mariadb-client-10.2.44-150000.3.54.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'mariadb-tools-10.2.44-150000.3.54.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libmysqld-devel / libmysqld19 / mariadb / mariadb-client / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-24T17:20:38", "description": "The version of MariaDB installed on the remote host is prior to 10.2.44. It is, therefore, affected by multiple vulnerabilities as referenced in the mdb-10244-rn advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-11T00:00:00", "type": "nessus", "title": "MariaDB 10.2.0 < 10.2.44 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-21427", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27445", "CVE-2022-32083", "CVE-2022-32088"], "modified": "2023-08-23T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_2_44.NASL", "href": "https://www.tenable.com/plugins/nessus/161053", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161053);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/23\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-21427\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27445\",\n \"CVE-2022-32083\",\n \"CVE-2022-32088\"\n );\n\n script_name(english:\"MariaDB 10.2.0 < 10.2.44 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.2.44. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mdb-10244-rn advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-2-44-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.2.44 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/11\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\", \"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.2', 'fixed_version' : '10.2.44' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T14:56:04", "description": "The version of mariadb installed on the remote host is prior to 10.5.16 / 10.6.8. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-141-01 advisory.\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-21T00:00:00", "type": "nessus", "title": "Slackware Linux 15.0 / current mariadb Multiple Vulnerabilities (SSA:2022-141-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458"], "modified": "2023-10-26T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:mariadb", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:15.0"], "id": "SLACKWARE_SSA_2022-141-01.NASL", "href": "https://www.tenable.com/plugins/nessus/161429", "sourceData": "##\n# (C) Tenable, Inc.\n##\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Slackware Security Advisory SSA:2022-141-01. The text\n# itself is copyright (C) Slackware Linux, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161429);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/26\");\n\n script_cve_id(\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\"\n );\n\n script_name(english:\"Slackware Linux 15.0 / current mariadb Multiple Vulnerabilities (SSA:2022-141-01)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Slackware Linux host is missing a security update to mariadb.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of mariadb installed on the remote host is prior to 10.5.16 / 10.6.8. It is, therefore, affected by multiple\nvulnerabilities as referenced in the SSA:2022-141-01 advisory.\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected mariadb package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27458\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:15.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Slackware Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\ninclude(\"slackware.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\nvar flag = 0;\nvar constraints = [\n { 'fixed_version' : '10.5.16', 'product' : 'mariadb', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'i586' },\n { 'fixed_version' : '10.5.16', 'product' : 'mariadb', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'x86_64' },\n { 'fixed_version' : '10.6.8', 'product' : 'mariadb', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'i586' },\n { 'fixed_version' : '10.6.8', 'product' : 'mariadb', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'x86_64' }\n];\n\nforeach constraint (constraints) {\n var pkg_arch = constraint['arch'];\n var arch = NULL;\n if (pkg_arch == \"x86_64\") {\n arch = pkg_arch;\n }\n if (slackware_check(osver:constraint['os_version'],\n arch:arch,\n pkgname:constraint['product'],\n pkgver:constraint['fixed_version'],\n pkgarch:pkg_arch,\n pkgnum:constraint['service_pack'])) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : slackware_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-30T15:57:37", "description": "The version of MariaDB installed on the remote host is prior to 10.6.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mdb-1065-rn advisory.\n\n - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. (CVE-2021-46662)\n\n - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "MariaDB 10.6.0 < 10.6.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46662", "CVE-2021-46667", "CVE-2022-27385", "CVE-2022-31624"], "modified": "2023-08-23T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_6_5.NASL", "href": "https://www.tenable.com/plugins/nessus/157858", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157858);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/23\");\n\n script_cve_id(\n \"CVE-2021-46662\",\n \"CVE-2021-46667\",\n \"CVE-2022-27385\",\n \"CVE-2022-31624\"\n );\n\n script_name(english:\"MariaDB 10.6.0 < 10.6.5 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.6.5. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mdb-1065-rn advisory.\n\n - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in\n conjunction with a nested subquery. (CVE-2021-46662)\n\n - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-6-5-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.6.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\", \"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.6', 'fixed_version' : '10.6.5' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T14:57:53", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 04fecc47-dad2-11ec-8fbd-d4c9ef517024 advisory.\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-23T00:00:00", "type": "nessus", "title": "FreeBSD : MariaDB -- Multiple vulnerabilities (04fecc47-dad2-11ec-8fbd-d4c9ef517024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458"], "modified": "2023-10-26T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mariadb103-client", "p-cpe:/a:freebsd:freebsd:mariadb103-server", "p-cpe:/a:freebsd:freebsd:mariadb104-client", "p-cpe:/a:freebsd:freebsd:mariadb104-server", "p-cpe:/a:freebsd:freebsd:mariadb105-client", "p-cpe:/a:freebsd:freebsd:mariadb105-server", "p-cpe:/a:freebsd:freebsd:mariadb106-client", "p-cpe:/a:freebsd:freebsd:mariadb106-server", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_04FECC47DAD211EC8FBDD4C9EF517024.NASL", "href": "https://www.tenable.com/plugins/nessus/161445", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161445);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/26\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\"\n );\n\n script_name(english:\"FreeBSD : MariaDB -- Multiple vulnerabilities (04fecc47-dad2-11ec-8fbd-d4c9ef517024)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 04fecc47-dad2-11ec-8fbd-d4c9ef517024 advisory.\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/security/#full-list-of-cves-fixed-in-mariadb\");\n # https://vuxml.freebsd.org/freebsd/04fecc47-dad2-11ec-8fbd-d4c9ef517024.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?198b159a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27458\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb103-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb103-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb104-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb104-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb105-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb105-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb106-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb106-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'mariadb103-client<10.3.35',\n 'mariadb103-server<10.3.35',\n 'mariadb104-client<10.4.25',\n 'mariadb104-server<10.4.25',\n 'mariadb105-client<10.5.16',\n 'mariadb105-server<10.5.16',\n 'mariadb106-client<10.6.8',\n 'mariadb106-server<10.6.8'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T14:54:36", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2189-1 advisory.\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-28T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : mariadb (SUSE-SU-2022:2189-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-21427", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmariadbd-devel", "p-cpe:/a:novell:suse_linux:libmariadbd19", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-tools", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2189-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162556", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2189-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162556);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-21427\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2189-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : mariadb (SUSE-SU-2022:2189-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2189-1 advisory.\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27458\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011363.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a54a32a0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27458\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadbd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadbd19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libmariadbd-devel-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libmariadbd19-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'mariadb-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'mariadb-client-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'mariadb-errormessages-10.4.25-150200.3.28.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'mariadb-tools-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libmariadbd-devel-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libmariadbd-devel-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'libmariadbd19-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libmariadbd19-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'mariadb-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'mariadb-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'mariadb-client-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'mariadb-client-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'mariadb-errormessages-10.4.25-150200.3.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'mariadb-tools-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'mariadb-tools-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'libmariadbd-devel-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libmariadbd-devel-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libmariadbd19-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libmariadbd19-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'mariadb-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'mariadb-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'mariadb-client-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'mariadb-client-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'mariadb-errormessages-10.4.25-150200.3.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'mariadb-tools-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'mariadb-tools-10.4.25-150200.3.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libmariadbd-devel-10.4.25-150200.3.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'libmariadbd19-10.4.25-150200.3.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'mariadb-10.4.25-150200.3.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'mariadb-client-10.4.25-150200.3.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'mariadb-tools-10.4.25-150200.3.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libmariadbd-devel / libmariadbd19 / mariadb / mariadb-client / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T14:55:01", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2003-1 advisory.\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-08T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : mariadb (SUSE-SU-2022:2003-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-21427", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmariadbd-devel", "p-cpe:/a:novell:suse_linux:libmariadbd19", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-tools", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2003-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161945", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2003-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161945);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-21427\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2003-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : mariadb (SUSE-SU-2022:2003-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2003-1 advisory.\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27458\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011247.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7d82dace\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27458\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadbd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadbd19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libmariadbd-devel-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libmariadbd19-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'mariadb-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'mariadb-client-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'mariadb-errormessages-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'mariadb-tools-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libmariadbd-devel-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'libmariadbd19-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'mariadb-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'mariadb-client-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'mariadb-errormessages-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'mariadb-tools-10.5.16-150300.3.18.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libmariadbd-devel / libmariadbd19 / mariadb / mariadb-client / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-15T15:09:05", "description": "According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. (CVE-2021-46662)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\n\n - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666)\n\n - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-10-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : mariadb (EulerOS-SA-2022-2518)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46657", "CVE-2021-46661", "CVE-2021-46662", "CVE-2021-46663", "CVE-2021-46665", "CVE-2021-46666", "CVE-2021-46667", "CVE-2021-46668", "CVE-2022-27383", "CVE-2022-27386", "CVE-2022-27455", "CVE-2022-27457", "CVE-2022-31624"], "modified": "2023-10-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:mariadb", "p-cpe:/a:huawei:euleros:mariadb-bench", "p-cpe:/a:huawei:euleros:mariadb-devel", "p-cpe:/a:huawei:euleros:mariadb-libs", "p-cpe:/a:huawei:euleros:mariadb-server", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2022-2518.NASL", "href": "https://www.tenable.com/plugins/nessus/165870", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165870);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/10\");\n\n script_cve_id(\n \"CVE-2021-46657\",\n \"CVE-2021-46661\",\n \"CVE-2021-46662\",\n \"CVE-2021-46663\",\n \"CVE-2021-46665\",\n \"CVE-2021-46666\",\n \"CVE-2021-46667\",\n \"CVE-2021-46668\",\n \"CVE-2022-27383\",\n \"CVE-2022-27386\",\n \"CVE-2022-27455\",\n \"CVE-2022-27457\",\n \"CVE-2022-31624\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : mariadb (EulerOS-SA-2022-2518)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER\n BY. (CVE-2021-46657)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an\n unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in\n conjunction with a nested subquery. (CVE-2021-46662)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations. (CVE-2021-46665)\n\n - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING\n clause to a WHERE clause. (CVE-2021-46666)\n\n - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that\n improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the\n plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released\n correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2518\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5a6b324\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mariadb packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27457\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"mariadb-5.5.66-1.h6.eulerosv2r7\",\n \"mariadb-bench-5.5.66-1.h6.eulerosv2r7\",\n \"mariadb-devel-5.5.66-1.h6.eulerosv2r7\",\n \"mariadb-libs-5.5.66-1.h6.eulerosv2r7\",\n \"mariadb-server-5.5.66-1.h6.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-06T21:26:50", "description": "According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-10-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : mariadb (EulerOS-SA-2022-2624)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-27383", "CVE-2022-27457"], "modified": "2023-10-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:mariadb", "p-cpe:/a:huawei:euleros:mariadb-bench", "p-cpe:/a:huawei:euleros:mariadb-devel", "p-cpe:/a:huawei:euleros:mariadb-libs", "p-cpe:/a:huawei:euleros:mariadb-server", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2624.NASL", "href": "https://www.tenable.com/plugins/nessus/166648", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166648);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/06\");\n\n script_cve_id(\"CVE-2022-27383\", \"CVE-2022-27457\");\n\n script_name(english:\"EulerOS 2.0 SP3 : mariadb (EulerOS-SA-2022-2624)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2624\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1b7b2887\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mariadb packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27457\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"mariadb-5.5.60-1.h5\",\n \"mariadb-bench-5.5.60-1.h5\",\n \"mariadb-devel-5.5.60-1.h5\",\n \"mariadb-libs-5.5.60-1.h5\",\n \"mariadb-server-5.5.60-1.h5\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-02T15:56:27", "description": "The version of MariaDB installed on the remote host is prior to 10.4.22. It is, therefore, affected by a vulnerability as referenced in the mdb-10422-rn advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35604)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-06T00:00:00", "type": "nessus", "title": "MariaDB 10.4.0 < 10.4.22 A Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-35604", "CVE-2021-46662", "CVE-2021-46667", "CVE-2022-27385", "CVE-2022-31624"], "modified": "2023-11-01T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_4_22.NASL", "href": "https://www.tenable.com/plugins/nessus/154937", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154937);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/01\");\n\n script_cve_id(\n \"CVE-2021-35604\",\n \"CVE-2021-46662\",\n \"CVE-2021-46667\",\n \"CVE-2022-27385\",\n \"CVE-2022-31624\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0487-S\");\n\n script_name(english:\"MariaDB 10.4.0 < 10.4.22 A Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.4.22. It is, therefore, affected by a vulnerability\nas referenced in the mdb-10422-rn advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of\n MySQL Server accessible data. (CVE-2021-35604)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-4-22-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.4.22 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/06\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\", \"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.4', 'fixed_version' : '10.4.22' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-02T15:56:50", "description": "The version of MariaDB installed on the remote host is prior to 10.5.13. It is, therefore, affected by a vulnerability as referenced in the mdb-10513-rn advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35604)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-06T00:00:00", "type": "nessus", "title": "MariaDB 10.5.0 < 10.5.13 A Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-35604", "CVE-2021-46662", "CVE-2021-46667", "CVE-2022-27385", "CVE-2022-31624"], "modified": "2023-11-01T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_5_13.NASL", "href": "https://www.tenable.com/plugins/nessus/154940", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154940);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/01\");\n\n script_cve_id(\n \"CVE-2021-35604\",\n \"CVE-2021-46662\",\n \"CVE-2021-46667\",\n \"CVE-2022-27385\",\n \"CVE-2022-31624\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0487-S\");\n\n script_name(english:\"MariaDB 10.5.0 < 10.5.13 A Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.5.13. It is, therefore, affected by a vulnerability\nas referenced in the mdb-10513-rn advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of\n MySQL Server accessible data. (CVE-2021-35604)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-5-13-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.5.13 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/06\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\", \"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.5', 'fixed_version' : '10.5.13' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:47:27", "description": "According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. (CVE-2021-46662)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\n\n - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666)\n\n - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2023-05-07T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.0 : mariadb (EulerOS-SA-2023-1704)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46657", "CVE-2021-46661", "CVE-2021-46662", "CVE-2021-46663", "CVE-2021-46665", "CVE-2021-46666", "CVE-2021-46667", "CVE-2021-46668", "CVE-2022-27383", "CVE-2022-27386", "CVE-2022-27455", "CVE-2022-27457", "CVE-2022-31624"], "modified": "2023-05-07T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.2.0", "p-cpe:/a:huawei:euleros:mariadb", "p-cpe:/a:huawei:euleros:mariadb-libs", "p-cpe:/a:huawei:euleros:mariadb-server"], "id": "EULEROS_SA-2023-1704.NASL", "href": "https://www.tenable.com/plugins/nessus/175168", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175168);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/07\");\n\n script_cve_id(\n \"CVE-2021-46657\",\n \"CVE-2021-46661\",\n \"CVE-2021-46662\",\n \"CVE-2021-46663\",\n \"CVE-2021-46665\",\n \"CVE-2021-46666\",\n \"CVE-2021-46667\",\n \"CVE-2021-46668\",\n \"CVE-2022-27383\",\n \"CVE-2022-27386\",\n \"CVE-2022-27455\",\n \"CVE-2022-27457\",\n \"CVE-2022-31624\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.0 : mariadb (EulerOS-SA-2023-1704)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER\n BY. (CVE-2021-46657)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an\n unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in\n conjunction with a nested subquery. (CVE-2021-46662)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations. (CVE-2021-46665)\n\n - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING\n clause to a WHERE clause. (CVE-2021-46666)\n\n - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that\n improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the\n plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released\n correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1704\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d66264c5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mariadb packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27457\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"mariadb-5.5.66-1.h6\",\n \"mariadb-libs-5.5.66-1.h6\",\n \"mariadb-server-5.5.66-1.h6\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-02T15:56:21", "description": "The version of MariaDB installed on the remote host is prior to 10.3.32. It is, therefore, affected by a vulnerability as referenced in the mdb-10332-rn advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35604)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-09T00:00:00", "type": "nessus", "title": "MariaDB 10.3.0 < 10.3.32 A Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-35604", "CVE-2021-46662", "CVE-2021-46667", "CVE-2022-27385", "CVE-2022-31624"], "modified": "2023-11-01T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_3_32.NASL", "href": "https://www.tenable.com/plugins/nessus/154973", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154973);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/01\");\n\n script_cve_id(\n \"CVE-2021-35604\",\n \"CVE-2021-46662\",\n \"CVE-2021-46667\",\n \"CVE-2022-27385\",\n \"CVE-2022-31624\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0487-S\");\n\n script_name(english:\"MariaDB 10.3.0 < 10.3.32 A Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.3.32. It is, therefore, affected by a vulnerability\nas referenced in the mdb-10332-rn advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of\n MySQL Server accessible data. (CVE-2021-35604)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-3-32-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.3.32 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/09\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\", \"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.3', 'fixed_version' : '10.3.32' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-24T16:55:05", "description": "The version of MariaDB installed on the remote host is prior to 10.7.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-1074-release-notes advisory.\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "MariaDB 10.7.0 < 10.7.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-32083", "CVE-2022-32085", "CVE-2022-32086", "CVE-2022-32087", "CVE-2022-32088"], "modified": "2023-08-23T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_7_4.NASL", "href": "https://www.tenable.com/plugins/nessus/160725", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160725);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/23\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-32083\",\n \"CVE-2022-32085\",\n \"CVE-2022-32086\",\n \"CVE-2022-32087\",\n \"CVE-2022-32088\"\n );\n\n script_name(english:\"MariaDB 10.7.0 < 10.7.4 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.7.4. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mariadb-1074-release-notes advisory.\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-7-4-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.7.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\", \"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.7', 'fixed_version' : '10.7.4' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-24T16:28:01", "description": "The version of MariaDB installed on the remote host is prior to 10.6.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-1068-release-notes advisory.\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "MariaDB 10.6.0 < 10.6.8 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-32083", "CVE-2022-32085", "CVE-2022-32086", "CVE-2022-32087", "CVE-2022-32088"], "modified": "2023-08-23T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_6_8.NASL", "href": "https://www.tenable.com/plugins/nessus/160723", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160723);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/23\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-32083\",\n \"CVE-2022-32085\",\n \"CVE-2022-32086\",\n \"CVE-2022-32087\",\n \"CVE-2022-32088\"\n );\n\n script_name(english:\"MariaDB 10.6.0 < 10.6.8 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.6.8. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mariadb-1068-release-notes advisory.\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-6-8-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.6.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\", \"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.6', 'fixed_version' : '10.6.8' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:55:31", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:5826 advisory.\n\n - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n\n - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661)\n\n - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)\n\n - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668)\n\n - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed- length stack-based buffer (CVE-2022-24048)\n\n - mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050)\n\n - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)\n\n - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)\n\n - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n\n - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n\n - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n\n - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n\n - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n\n - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n\n - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order (CVE-2022-27382)\n\n - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n\n - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n\n - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n\n - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n\n - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n\n - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n\n - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n\n - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)\n\n - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n\n - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n\n - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n\n - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n\n - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n\n - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n\n - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)\n\n - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622, CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-02T00:00:00", "type": "nessus", "title": "CentOS 8 : mariadb:10.5 (CESA-2022:5826)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-21595", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623"], "modified": "2023-10-17T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:judy"], "id": "CENTOS8_RHSA-2022-5826.NASL", "href": "https://www.tenable.com/plugins/nessus/163712", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2022:5826. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163712);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/17\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\"\n );\n script_xref(name:\"RHSA\", value:\"2022:5826\");\n\n script_name(english:\"CentOS 8 : mariadb:10.5 (CESA-2022:5826)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2022:5826 advisory.\n\n - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n\n - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused\n common table expression (CTE) (CVE-2021-46661)\n\n - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements\n (CVE-2021-46663)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value\n of aggr (CVE-2021-46664)\n\n - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations (CVE-2021-46665)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements\n (CVE-2021-46668)\n\n - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the\n BIGINT data type is used (CVE-2021-46669)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-\n length stack-based buffer (CVE-2022-24048)\n\n - mariadb: lack of validating the existence of an object prior to performing operations on the object\n (CVE-2022-24050)\n\n - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier\n (CVE-2022-24051)\n\n - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)\n\n - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n\n - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n\n - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n\n - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n\n - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n\n - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n\n - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order\n (CVE-2022-27382)\n\n - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n\n - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n\n - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n\n - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n\n - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n\n - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n\n - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n\n - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)\n\n - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n\n - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n\n - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n\n - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n\n - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n\n - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n\n - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)\n\n - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622,\n CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:5826\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Judy package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:Judy\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/CentOS/release');\nif (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< os_release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/mariadb');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\nif ('10.5' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mariadb:' + module_ver);\n\nvar appstreams = {\n 'mariadb:10.5': [\n {'reference':'Judy-1.0.5-18.module_el8.4.0+697+2baf600e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module_el8.4.0+697+2baf600e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Judy');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:55:07", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5826 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-06T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : mariadb:10.5 (5826) (ALSA-2022:5826)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:alma:linux:8", "p-cpe:/a:alma:linux:galera", "p-cpe:/a:alma:linux:judy", "p-cpe:/a:alma:linux:mariadb", "p-cpe:/a:alma:linux:mariadb-backup", "p-cpe:/a:alma:linux:mariadb-common", "p-cpe:/a:alma:linux:mariadb-devel", "p-cpe:/a:alma:linux:mariadb-embedded", "p-cpe:/a:alma:linux:mariadb-embedded-devel", "p-cpe:/a:alma:linux:mariadb-errmsg", "p-cpe:/a:alma:linux:mariadb-gssapi-server", "p-cpe:/a:alma:linux:mariadb-oqgraph-engine", "p-cpe:/a:alma:linux:mariadb-server", "p-cpe:/a:alma:linux:mariadb-server-galera", "p-cpe:/a:alma:linux:mariadb-server-utils", "p-cpe:/a:alma:linux:mariadb-test", "p-cpe:/a:alma:linux:mariadb-pam"], "id": "ALMA_LINUX_ALSA-2022-5826.NASL", "href": "https://www.tenable.com/plugins/nessus/163903", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:5826.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163903);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\"\n );\n script_xref(name:\"ALSA\", value:\"2022:5826\");\n\n script_name(english:\"AlmaLinux 8 : mariadb:10.5 (5826) (ALSA-2022:5826)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:5826 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that\n SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an\n unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that\n improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability\n allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is\n required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The\n issue results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in\n the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows\n local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to\n exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue\n results from the lack of proper validation of a user-supplied string before using it as a format\n specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code\n in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads,\n the held lock is not released correctly, which allows local users to trigger a denial of service due to\n the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held\n lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service\n due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-5826.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:Judy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar module_ver = get_kb_item('Host/AlmaLinux/appstream/mariadb');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\nif ('10.5' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mariadb:' + module_ver);\n\nvar appstreams = {\n 'mariadb:10.5': [\n {'reference':'galera-26.4.11-1.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'galera-26.4.11-1.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.module_el8.6.0+3072+3c630e87', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/AlmaLinux/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Judy / galera / mariadb / mariadb-backup / mariadb-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-19T15:01:10", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5826 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-04T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : mariadb:10.5 (ELSA-2022-5826)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:judy", "p-cpe:/a:oracle:linux:galera", "p-cpe:/a:oracle:linux:mariadb", "p-cpe:/a:oracle:linux:mariadb-backup", "p-cpe:/a:oracle:linux:mariadb-common", "p-cpe:/a:oracle:linux:mariadb-devel", "p-cpe:/a:oracle:linux:mariadb-embedded", "p-cpe:/a:oracle:linux:mariadb-embedded-devel", "p-cpe:/a:oracle:linux:mariadb-errmsg", "p-cpe:/a:oracle:linux:mariadb-gssapi-server", "p-cpe:/a:oracle:linux:mariadb-oqgraph-engine", "p-cpe:/a:oracle:linux:mariadb-pam", "p-cpe:/a:oracle:linux:mariadb-server", "p-cpe:/a:oracle:linux:mariadb-server-galera", "p-cpe:/a:oracle:linux:mariadb-server-utils", "p-cpe:/a:oracle:linux:mariadb-test"], "id": "ORACLELINUX_ELSA-2022-5826.NASL", "href": "https://www.tenable.com/plugins/nessus/163808", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-5826.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163808);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\"\n );\n\n script_name(english:\"Oracle Linux 8 : mariadb:10.5 (ELSA-2022-5826)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-5826 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that\n SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that\n improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an\n unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability\n allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is\n required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The\n issue results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in\n the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows\n local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to\n exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue\n results from the lack of proper validation of a user-supplied string before using it as a format\n specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code\n in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads,\n the held lock is not released correctly, which allows local users to trigger a denial of service due to\n the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held\n lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service\n due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-5826.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:Judy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-test\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/mariadb');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\nif ('10.5' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mariadb:' + module_ver);\n\nvar appstreams = {\n 'mariadb:10.5': [\n {'reference':'galera-26.4.11-1.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-26.4.11-1.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module+el8.4.0+20040+caf70fad', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module+el8.4.0+20040+caf70fad', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.module+el8.6.0+20717+9b4a4c6e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Judy / galera / mariadb / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-19T15:02:30", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5826 advisory.\n\n - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n\n - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661)\n\n - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)\n\n - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668)\n\n - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed- length stack-based buffer (CVE-2022-24048)\n\n - mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050)\n\n - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)\n\n - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)\n\n - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n\n - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n\n - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n\n - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n\n - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n\n - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n\n - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order (CVE-2022-27382)\n\n - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n\n - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n\n - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n\n - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n\n - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n\n - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n\n - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n\n - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)\n\n - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n\n - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n\n - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n\n - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n\n - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n\n - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n\n - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)\n\n - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622, CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-02T00:00:00", "type": "nessus", "title": "RHEL 8 : mariadb:10.5 (RHSA-2022:5826)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-21595", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623"], "modified": "2023-10-17T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:judy", "p-cpe:/a:redhat:enterprise_linux:galera", "p-cpe:/a:redhat:enterprise_linux:mariadb", "p-cpe:/a:redhat:enterprise_linux:mariadb-backup", "p-cpe:/a:redhat:enterprise_linux:mariadb-common", "p-cpe:/a:redhat:enterprise_linux:mariadb-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-errmsg", "p-cpe:/a:redhat:enterprise_linux:mariadb-gssapi-server", "p-cpe:/a:redhat:enterprise_linux:mariadb-oqgraph-engine", "p-cpe:/a:redhat:enterprise_linux:mariadb-pam", "p-cpe:/a:redhat:enterprise_linux:mariadb-server", "p-cpe:/a:redhat:enterprise_linux:mariadb-server-galera", "p-cpe:/a:redhat:enterprise_linux:mariadb-server-utils", "p-cpe:/a:redhat:enterprise_linux:mariadb-test"], "id": "REDHAT-RHSA-2022-5826.NASL", "href": "https://www.tenable.com/plugins/nessus/163732", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:5826. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163732);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/17\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-21595\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\"\n );\n script_xref(name:\"RHSA\", value:\"2022:5826\");\n\n script_name(english:\"RHEL 8 : mariadb:10.5 (RHSA-2022:5826)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:5826 advisory.\n\n - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n\n - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused\n common table expression (CTE) (CVE-2021-46661)\n\n - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements\n (CVE-2021-46663)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value\n of aggr (CVE-2021-46664)\n\n - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations (CVE-2021-46665)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements\n (CVE-2021-46668)\n\n - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the\n BIGINT data type is used (CVE-2021-46669)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-\n length stack-based buffer (CVE-2022-24048)\n\n - mariadb: lack of validating the existence of an object prior to performing operations on the object\n (CVE-2022-24050)\n\n - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier\n (CVE-2022-24051)\n\n - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)\n\n - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n\n - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n\n - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n\n - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n\n - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n\n - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n\n - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order\n (CVE-2022-27382)\n\n - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n\n - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n\n - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n\n - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n\n - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n\n - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n\n - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n\n - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)\n\n - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n\n - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n\n - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n\n - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n\n - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n\n - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n\n - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)\n\n - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622,\n CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:5826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2049302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2069833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2076144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2076145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142862\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 89, 119, 120, 122, 400, 404, 416, 476, 617, 667, 1173);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:Judy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'mariadb:10.5': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'galera-26.4.11-1.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module+el8.4.0+9031+9abc7af9', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.module+el8.6.0+15639+405b7427', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'galera-26.4.11-1.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module+el8.4.0+9031+9abc7af9', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.module+el8.6.0+15639+405b7427', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/mariadb');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\nif ('10.5' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mariadb:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Judy / galera / mariadb / mariadb-backup / mariadb-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-12T13:31:04", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5826 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21595)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-06T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : mariadb:10.5 (RLSA-2022:5826)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-21595", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623"], "modified": "2023-11-06T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:judy", "p-cpe:/a:rocky:linux:judy-debuginfo", "p-cpe:/a:rocky:linux:judy-debugsource", "p-cpe:/a:rocky:linux:galera", "p-cpe:/a:rocky:linux:galera-debuginfo", "p-cpe:/a:rocky:linux:galera-debugsource", "p-cpe:/a:rocky:linux:mariadb", "p-cpe:/a:rocky:linux:mariadb-backup", "p-cpe:/a:rocky:linux:mariadb-backup-debuginfo", "p-cpe:/a:rocky:linux:mariadb-common", "p-cpe:/a:rocky:linux:mariadb-debuginfo", "p-cpe:/a:rocky:linux:mariadb-debugsource", "p-cpe:/a:rocky:linux:mariadb-devel", "p-cpe:/a:rocky:linux:mariadb-embedded", "p-cpe:/a:rocky:linux:mariadb-embedded-debuginfo", "p-cpe:/a:rocky:linux:mariadb-embedded-devel", "p-cpe:/a:rocky:linux:mariadb-errmsg", "p-cpe:/a:rocky:linux:mariadb-gssapi-server", "p-cpe:/a:rocky:linux:mariadb-gssapi-server-debuginfo", "p-cpe:/a:rocky:linux:mariadb-oqgraph-engine", "p-cpe:/a:rocky:linux:mariadb-oqgraph-engine-debuginfo", "p-cpe:/a:rocky:linux:mariadb-pam", "p-cpe:/a:rocky:linux:mariadb-pam-debuginfo", "p-cpe:/a:rocky:linux:mariadb-server", "p-cpe:/a:rocky:linux:mariadb-server-debuginfo", "p-cpe:/a:rocky:linux:mariadb-server-galera", "p-cpe:/a:rocky:linux:mariadb-server-utils", "p-cpe:/a:rocky:linux:mariadb-server-utils-debuginfo", "p-cpe:/a:rocky:linux:mariadb-test", "p-cpe:/a:rocky:linux:mariadb-test-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-5826.NASL", "href": "https://www.tenable.com/plugins/nessus/184563", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:5826.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(184563);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/06\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-21595\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\"\n );\n script_xref(name:\"RLSA\", value:\"2022:5826\");\n\n script_name(english:\"Rocky Linux 8 : mariadb:10.5 (RLSA-2022:5826)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2022:5826 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that\n SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an\n unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that\n improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21595)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability\n allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is\n required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The\n issue results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in\n the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows\n local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to\n exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue\n results from the lack of proper validation of a user-supplied string before using it as a format\n specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code\n in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads,\n the held lock is not released correctly, which allows local users to trigger a denial of service due to\n the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held\n lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service\n due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:5826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2049302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2068211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2068233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2068234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2069833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2076144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2076145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2092354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2092360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2095290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2096281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2096934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2096935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2096936\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:Judy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:Judy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:Judy-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:galera-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:galera-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-backup-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-embedded-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-gssapi-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-oqgraph-engine-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-pam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-server-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RockyLinux/appstream/mariadb');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\nif ('10.5' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mariadb:' + module_ver);\n\nvar appstreams = {\n 'mariadb:10.5': [\n {'reference':'galera-26.4.11-1.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-26.4.11-1.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-debuginfo-26.4.11-1.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-debuginfo-26.4.11-1.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-debugsource-26.4.11-1.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-debugsource-26.4.11-1.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-debuginfo-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-debuginfo-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-debugsource-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-debugsource-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-debugsource-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-debugsource-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-debuginfo-10.5.16-2.module+el8.6.0+995+5ac2a483', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RockyLinux/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Judy / Judy-debuginfo / Judy-debugsource / galera / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-24T15:37:39", "description": "The version of MariaDB installed on the remote host is prior to 10.4.26. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10426-release-notes advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-21T00:00:00", "type": "nessus", "title": "MariaDB 10.4.0 < 10.4.26 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25032", "CVE-2022-21427", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-32081", "CVE-2022-32084", "CVE-2022-32089", "CVE-2022-32091", "CVE-2022-38791", "CVE-2023-5157"], "modified": "2023-11-23T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_4_26.NASL", "href": "https://www.tenable.com/plugins/nessus/162409", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162409);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/23\");\n\n script_cve_id(\n \"CVE-2018-25032\",\n \"CVE-2022-32081\",\n \"CVE-2022-32084\",\n \"CVE-2022-32089\",\n \"CVE-2022-32091\",\n \"CVE-2022-38791\",\n \"CVE-2023-5157\"\n );\n\n script_name(english:\"MariaDB 10.4.0 < 10.4.26 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.4.26. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mariadb-10426-release-notes advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-4-26-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.4.26 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32081\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-5157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\", \"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"installed_sw/MariaDB\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.4', 'fixed_version' : '10.4.26' }\n];\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n require_paranoia:TRUE,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-30T16:28:11", "description": "The version of MariaDB installed on the remote host is prior to 10.3.35. It is, therefore, affected by multiple vulnerabilities as referenced in the mdb-10335-rn advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "MariaDB 10.3.0 < 10.3.35 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-21427", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27445", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27452", "CVE-2022-27456", "CVE-2022-27458", "CVE-2022-32083", "CVE-2022-32085", "CVE-2022-32087", "CVE-2022-32088"], "modified": "2023-08-25T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_3_35.NASL", "href": "https://www.tenable.com/plugins/nessus/160720", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160720);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/25\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-21427\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27445\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27452\",\n \"CVE-2022-27456\",\n \"CVE-2022-27458\",\n \"CVE-2022-32083\",\n \"CVE-2022-32085\",\n \"CVE-2022-32087\",\n \"CVE-2022-32088\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0168-S\");\n\n script_name(english:\"MariaDB 10.3.0 < 10.3.35 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.3.35. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mdb-10335-rn advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-3-35-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.3.35 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\", \"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.3', 'fixed_version' : '10.3.35' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-24T17:09:15", "description": "The version of MariaDB installed on the remote host is prior to 10.5.16. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10516-release-notes advisory.\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "MariaDB 10.5.0 < 10.5.16 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-32083", "CVE-2022-32085", "CVE-2022-32086", "CVE-2022-32087", "CVE-2022-32088"], "modified": "2023-08-23T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_5_16.NASL", "href": "https://www.tenable.com/plugins/nessus/160722", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160722);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/23\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-32083\",\n \"CVE-2022-32085\",\n \"CVE-2022-32086\",\n \"CVE-2022-32087\",\n \"CVE-2022-32088\"\n );\n\n script_name(english:\"MariaDB 10.5.0 < 10.5.16 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.5.16. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mariadb-10516-release-notes advisory.\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-5-16-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.5.16 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\", \"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.5', 'fixed_version' : '10.5.16' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-24T16:58:07", "description": "The version of MariaDB installed on the remote host is prior to 10.4.25. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10425-release-notes advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "MariaDB 10.4.0 < 10.4.25 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46669", "CVE-2022-21427", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-32083", "CVE-2022-32085", "CVE-2022-32086", "CVE-2022-32087", "CVE-2022-32088"], "modified": "2023-08-23T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_4_25.NASL", "href": "https://www.tenable.com/plugins/nessus/160721", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160721);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/23\");\n\n script_cve_id(\n \"CVE-2021-46669\",\n \"CVE-2022-21427\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-32083\",\n \"CVE-2022-32085\",\n \"CVE-2022-32086\",\n \"CVE-2022-32087\",\n \"CVE-2022-32088\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0168-S\");\n\n script_name(english:\"MariaDB 10.4.0 < 10.4.25 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.4.25. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mariadb-10425-release-notes advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-4-25-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.4.25 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\", \"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.4', 'fixed_version' : '10.4.25' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-20T16:30:29", "description": "The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5948 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "Oracle Linux 9 : galera, / mariadb, / and / mysql-selinux (ELSA-2022-5948)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:galera", "p-cpe:/a:oracle:linux:mariadb", "p-cpe:/a:oracle:linux:mariadb-backup", "p-cpe:/a:oracle:linux:mariadb-common", "p-cpe:/a:oracle:linux:mariadb-devel", "p-cpe:/a:oracle:linux:mariadb-embedded", "p-cpe:/a:oracle:linux:mariadb-embedded-devel", "p-cpe:/a:oracle:linux:mariadb-errmsg", "p-cpe:/a:oracle:linux:mariadb-gssapi-server", "p-cpe:/a:oracle:linux:mariadb-oqgraph-engine", "p-cpe:/a:oracle:linux:mariadb-pam", "p-cpe:/a:oracle:linux:mariadb-server", "p-cpe:/a:oracle:linux:mariadb-server-galera", "p-cpe:/a:oracle:linux:mariadb-server-utils", "p-cpe:/a:oracle:linux:mariadb-test", "p-cpe:/a:oracle:linux:mysql-selinux"], "id": "ORACLELINUX_ELSA-2022-5948.NASL", "href": "https://www.tenable.com/plugins/nessus/164033", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-5948.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164033);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\"\n );\n\n script_name(english:\"Oracle Linux 9 : galera, / mariadb, / and / mysql-selinux (ELSA-2022-5948)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-5948 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that\n SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that\n improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an\n unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability\n allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is\n required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The\n issue results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in\n the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows\n local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to\n exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue\n results from the lack of proper validation of a user-supplied string before using it as a format\n specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code\n in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads,\n the held lock is not released correctly, which allows local users to trigger a denial of service due to\n the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held\n lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service\n due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-5948.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-selinux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'galera-26.4.11-1.0.1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-26.4.11-1.0.1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mysql-selinux-1.0.5-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'galera / mariadb / mariadb-backup / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-12T13:32:35", "description": "The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5948 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21595)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-06T00:00:00", "type": "nessus", "title": "Rocky Linux 9 : galera, mariadb, and mysql-selinux (RLSA-2022:5948)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-21595", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623"], "modified": "2023-11-06T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:galera", "p-cpe:/a:rocky:linux:galera-debuginfo", "p-cpe:/a:rocky:linux:galera-debugsource", "p-cpe:/a:rocky:linux:mariadb", "p-cpe:/a:rocky:linux:mariadb-backup", "p-cpe:/a:rocky:linux:mariadb-backup-debuginfo", "p-cpe:/a:rocky:linux:mariadb-common", "p-cpe:/a:rocky:linux:mariadb-debuginfo", "p-cpe:/a:rocky:linux:mariadb-debugsource", "p-cpe:/a:rocky:linux:mariadb-devel", "p-cpe:/a:rocky:linux:mariadb-embedded", "p-cpe:/a:rocky:linux:mariadb-embedded-debuginfo", "p-cpe:/a:rocky:linux:mariadb-embedded-devel", "p-cpe:/a:rocky:linux:mariadb-errmsg", "p-cpe:/a:rocky:linux:mariadb-gssapi-server", "p-cpe:/a:rocky:linux:mariadb-gssapi-server-debuginfo", "p-cpe:/a:rocky:linux:mariadb-oqgraph-engine", "p-cpe:/a:rocky:linux:mariadb-oqgraph-engine-debuginfo", "p-cpe:/a:rocky:linux:mariadb-pam", "p-cpe:/a:rocky:linux:mariadb-pam-debuginfo", "p-cpe:/a:rocky:linux:mariadb-server", "p-cpe:/a:rocky:linux:mariadb-server-debuginfo", "p-cpe:/a:rocky:linux:mariadb-server-galera", "p-cpe:/a:rocky:linux:mariadb-server-utils", "p-cpe:/a:rocky:linux:mariadb-server-utils-debuginfo", "p-cpe:/a:rocky:linux:mariadb-test", "p-cpe:/a:rocky:linux:mariadb-test-debuginfo", "p-cpe:/a:rocky:linux:mysql-selinux", "cpe:/o:rocky:linux:9"], "id": "ROCKY_LINUX_RLSA-2022-5948.NASL", "href": "https://www.tenable.com/plugins/nessus/184672", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:5948.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(184672);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/06\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-21595\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\"\n );\n script_xref(name:\"RLSA\", value:\"2022:5948\");\n\n script_name(english:\"Rocky Linux 9 : galera, mariadb, and mysql-selinux (RLSA-2022:5948)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2022:5948 advisory.\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that\n SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an\n unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that\n improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21595)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability\n allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is\n required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The\n issue results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in\n the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows\n local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to\n exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue\n results from the lack of proper validation of a user-supplied string before using it as a format\n specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code\n in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads,\n the held lock is not released correctly, which allows local users to trigger a denial of service due to\n the deadlock. (CVE-2022-31622)\n\n - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when\n an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held\n lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service\n due to the deadlock. (CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:5948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2049302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2068211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2068233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2068234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2069833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2074999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2075701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2076144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2076145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2092354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2092360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2096271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2096274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2096276\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2096277\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:galera-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:galera-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-backup-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-embedded-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-gssapi-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-oqgraph-engine-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-pam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-server-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mysql-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:9\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 9.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'galera-26.4.11-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-26.4.11-1.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-26.4.11-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-debuginfo-26.4.11-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-debuginfo-26.4.11-1.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-debuginfo-26.4.11-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-debugsource-26.4.11-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-debugsource-26.4.11-1.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'galera-debugsource-26.4.11-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-debuginfo-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-debuginfo-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-debuginfo-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-debuginfo-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-debuginfo-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-debuginfo-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-debugsource-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-debugsource-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-debugsource-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-debuginfo-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-debuginfo-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-debuginfo-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-debuginfo-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-debuginfo-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-debuginfo-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-debuginfo-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-debuginfo-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-debuginfo-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-debuginfo-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-debuginfo-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-debuginfo-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-debuginfo-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-debuginfo-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-debuginfo-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-debuginfo-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-debuginfo-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-debuginfo-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-debuginfo-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-debuginfo-10.5.16-2.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-debuginfo-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mysql-selinux-1.0.5-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'galera / galera-debuginfo / galera-debugsource / mariadb / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-19T15:01:42", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5948 advisory.\n\n - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n\n - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661)\n\n - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)\n\n - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668)\n\n - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed- length stack-based buffer (CVE-2022-24048)\n\n - mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050)\n\n - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)\n\n - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)\n\n - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n\n - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n\n - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n\n - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n\n - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n\n - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n\n - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order (CVE-2022-27382)\n\n - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n\n - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n\n - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n\n - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n\n - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n\n - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n\n - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n\n - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)\n\n - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n\n - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n\n - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n\n - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n\n - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n\n - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n\n - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)\n\n - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622, CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "RHEL 9 : galera, mariadb, and mysql-selinux (RHSA-2022:5948)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-21595", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "cpe:/o:redhat:rhel_aus:9.2", "cpe:/o:redhat:rhel_e4s:9.0", "cpe:/o:redhat:rhel_e4s:9.2", "cpe:/o:redhat:rhel_eus:9.0", "cpe:/o:redhat:rhel_eus:9.2", "p-cpe:/a:redhat:enterprise_linux:mariadb", "p-cpe:/a:redhat:enterprise_linux:mariadb-backup", "p-cpe:/a:redhat:enterprise_linux:mariadb-common", "p-cpe:/a:redhat:enterprise_linux:mariadb-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-errmsg", "p-cpe:/a:redhat:enterprise_linux:mariadb-gssapi-server", "p-cpe:/a:redhat:enterprise_linux:mariadb-oqgraph-engine", "p-cpe:/a:redhat:enterprise_linux:mariadb-pam", "p-cpe:/a:redhat:enterprise_linux:mariadb-server", "p-cpe:/a:redhat:enterprise_linux:mariadb-server-galera", "p-cpe:/a:redhat:enterprise_linux:mariadb-server-utils", "p-cpe:/a:redhat:enterprise_linux:mariadb-test"], "id": "REDHAT-RHSA-2022-5948.NASL", "href": "https://www.tenable.com/plugins/nessus/163960", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:5948. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163960);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-21595\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\"\n );\n script_xref(name:\"RHSA\", value:\"2022:5948\");\n\n script_name(english:\"RHEL 9 : galera, mariadb, and mysql-selinux (RHSA-2022:5948)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:5948 advisory.\n\n - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n\n - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused\n common table expression (CTE) (CVE-2021-46661)\n\n - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements\n (CVE-2021-46663)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value\n of aggr (CVE-2021-46664)\n\n - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations (CVE-2021-46665)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements\n (CVE-2021-46668)\n\n - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the\n BIGINT data type is used (CVE-2021-46669)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-\n length stack-based buffer (CVE-2022-24048)\n\n - mariadb: lack of validating the existence of an object prior to performing operations on the object\n (CVE-2022-24050)\n\n - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier\n (CVE-2022-24051)\n\n - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)\n\n - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n\n - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n\n - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n\n - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n\n - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n\n - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n\n - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order\n (CVE-2022-27382)\n\n - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n\n - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n\n - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n\n - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n\n - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n\n - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n\n - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n\n - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)\n\n - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n\n - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n\n - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n\n - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n\n - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n\n - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n\n - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)\n\n - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622,\n CVE-2022-31623)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:5948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2049302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2069833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2076144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2076145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142862\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 89, 119, 120, 122, 400, 404, 416, 476, 617, 667, 1173);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel9/9.2/x86_64/appstream/debug',\n 'content/aus/rhel9/9.2/x86_64/appstream/os',\n 'content/aus/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel9/9.2/x86_64/baseos/debug',\n 'content/aus/rhel9/9.2/x86_64/baseos/os',\n 'content/aus/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/appstream/debug',\n 'content/e4s/rhel9/9.2/aarch64/appstream/os',\n 'content/e4s/rhel9/9.2/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/baseos/debug',\n 'content/e4s/rhel9/9.2/aarch64/baseos/os',\n 'content/e4s/rhel9/9.2/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/debug',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/os',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/debug',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/os',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/debug',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/os',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/os',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/os',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/sap/debug',\n 'content/e4s/rhel9/9.2/ppc64le/sap/os',\n 'content/e4s/rhel9/9.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/appstream/debug',\n 'content/e4s/rhel9/9.2/s390x/appstream/os',\n 'content/e4s/rhel9/9.2/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/baseos/debug',\n 'content/e4s/rhel9/9.2/s390x/baseos/os',\n 'content/e4s/rhel9/9.2/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/highavailability/debug',\n 'content/e4s/rhel9/9.2/s390x/highavailability/os',\n 'content/e4s/rhel9/9.2/s390x/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/s390x/resilientstorage/os',\n 'content/e4s/rhel9/9.2/s390x/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/sap/debug',\n 'content/e4s/rhel9/9.2/s390x/sap/os',\n 'content/e4s/rhel9/9.2/s390x/sap/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/appstream/debug',\n 'content/e4s/rhel9/9.2/x86_64/appstream/os',\n 'content/e4s/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/baseos/debug',\n 'content/e4s/rhel9/9.2/x86_64/baseos/os',\n 'content/e4s/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/debug',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/os',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/os',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/sap/debug',\n 'content/e4s/rhel9/9.2/x86_64/sap/os',\n 'content/e4s/rhel9/9.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/appstream/debug',\n 'content/eus/rhel9/9.2/aarch64/appstream/os',\n 'content/eus/rhel9/9.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/baseos/debug',\n 'content/eus/rhel9/9.2/aarch64/baseos/os',\n 'content/eus/rhel9/9.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/os',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/highavailability/debug',\n 'content/eus/rhel9/9.2/aarch64/highavailability/os',\n 'content/eus/rhel9/9.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/supplementary/debug',\n 'content/eus/rhel9/9.2/aarch64/supplementary/os',\n 'content/eus/rhel9/9.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/appstream/debug',\n 'content/eus/rhel9/9.2/ppc64le/appstream/os',\n 'content/eus/rhel9/9.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/baseos/debug',\n 'content/eus/rhel9/9.2/ppc64le/baseos/os',\n 'content/eus/rhel9/9.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/debug',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/os',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/sap/debug',\n 'content/eus/rhel9/9.2/ppc64le/sap/os',\n 'content/eus/rhel9/9.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/debug',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/os',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/appstream/debug',\n 'content/eus/rhel9/9.2/s390x/appstream/os',\n 'content/eus/rhel9/9.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/baseos/debug',\n 'content/eus/rhel9/9.2/s390x/baseos/os',\n 'content/eus/rhel9/9.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/codeready-builder/debug',\n 'content/eus/rhel9/9.2/s390x/codeready-builder/os',\n 'content/eus/rhel9/9.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/highavailability/debug',\n 'content/eus/rhel9/9.2/s390x/highavailability/os',\n 'content/eus/rhel9/9.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/resilientstorage/debug',\n 'content/eus/rhel9/9.2/s390x/resilientstorage/os',\n 'content/eus/rhel9/9.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/sap/debug',\n 'content/eus/rhel9/9.2/s390x/sap/os',\n 'content/eus/rhel9/9.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/supplementary/debug',\n 'content/eus/rhel9/9.2/s390x/supplementary/os',\n 'content/eus/rhel9/9.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/appstream/debug',\n 'content/eus/rhel9/9.2/x86_64/appstream/os',\n 'content/eus/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/baseos/debug',\n 'content/eus/rhel9/9.2/x86_64/baseos/os',\n 'content/eus/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/os',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/highavailability/debug',\n 'content/eus/rhel9/9.2/x86_64/highavailability/os',\n 'content/eus/rhel9/9.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/os',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/os',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/sap/debug',\n 'content/eus/rhel9/9.2/x86_64/sap/os',\n 'content/eus/rhel9/9.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/supplementary/debug',\n 'content/eus/rhel9/9.2/x86_64/supplementary/os',\n 'content/eus/rhel9/9.2/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'mariadb-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel9/9/aarch64/appstream/debug',\n 'content/dist/rhel9/9/aarch64/appstream/os',\n 'content/dist/rhel9/9/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/baseos/debug',\n 'content/dist/rhel9/9/aarch64/baseos/os',\n 'content/dist/rhel9/9/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/codeready-builder/debug',\n 'content/dist/rhel9/9/aarch64/codeready-builder/os',\n 'content/dist/rhel9/9/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/highavailability/debug',\n 'content/dist/rhel9/9/aarch64/highavailability/os',\n 'content/dist/rhel9/9/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/supplementary/debug',\n 'content/dist/rhel9/9/aarch64/supplementary/os',\n 'content/dist/rhel9/9/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/appstream/debug',\n 'content/dist/rhel9/9/ppc64le/appstream/os',\n 'content/dist/rhel9/9/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/baseos/debug',\n 'content/dist/rhel9/9/ppc64le/baseos/os',\n 'content/dist/rhel9/9/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/debug',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/os',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/highavailability/debug',\n 'content/dist/rhel9/9/ppc64le/highavailability/os',\n 'content/dist/rhel9/9/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/debug',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/os',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/debug',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/os',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap/debug',\n 'content/dist/rhel9/9/ppc64le/sap/os',\n 'content/dist/rhel9/9/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/supplementary/debug',\n 'content/dist/rhel9/9/ppc64le/supplementary/os',\n 'content/dist/rhel9/9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/s390x/appstream/debug',\n 'content/dist/rhel9/9/s390x/appstream/os',\n 'content/dist/rhel9/9/s390x/appstream/source/SRPMS',\n 'content/dist/rhel9/9/s390x/baseos/debug',\n 'content/dist/rhel9/9/s390x/baseos/os',\n 'content/dist/rhel9/9/s390x/baseos/source/SRPMS',\n 'content/dist/rhel9/9/s390x/codeready-builder/debug',\n 'content/dist/rhel9/9/s390x/codeready-builder/os',\n 'content/dist/rhel9/9/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/s390x/highavailability/debug',\n 'content/dist/rhel9/9/s390x/highavailability/os',\n 'content/dist/rhel9/9/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/s390x/resilientstorage/debug',\n 'content/dist/rhel9/9/s390x/resilientstorage/os',\n 'content/dist/rhel9/9/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/s390x/sap/debug',\n 'content/dist/rhel9/9/s390x/sap/os',\n 'content/dist/rhel9/9/s390x/sap/source/SRPMS',\n 'content/dist/rhel9/9/s390x/supplementary/debug',\n 'content/dist/rhel9/9/s390x/supplementary/os',\n 'content/dist/rhel9/9/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/appstream/debug',\n 'content/dist/rhel9/9/x86_64/appstream/os',\n 'content/dist/rhel9/9/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/baseos/debug',\n 'content/dist/rhel9/9/x86_64/baseos/os',\n 'content/dist/rhel9/9/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/codeready-builder/debug',\n 'content/dist/rhel9/9/x86_64/codeready-builder/os',\n 'content/dist/rhel9/9/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/highavailability/debug',\n 'content/dist/rhel9/9/x86_64/highavailability/os',\n 'content/dist/rhel9/9/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/nfv/debug',\n 'content/dist/rhel9/9/x86_64/nfv/os',\n 'content/dist/rhel9/9/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/resilientstorage/debug',\n 'content/dist/rhel9/9/x86_64/resilientstorage/os',\n 'content/dist/rhel9/9/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/rt/debug',\n 'content/dist/rhel9/9/x86_64/rt/os',\n 'content/dist/rhel9/9/x86_64/rt/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap-solutions/debug',\n 'content/dist/rhel9/9/x86_64/sap-solutions/os',\n 'content/dist/rhel9/9/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap/debug',\n 'content/dist/rhel9/9/x86_64/sap/os',\n 'content/dist/rhel9/9/x86_64/sap/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/supplementary/debug',\n 'content/dist/rhel9/9/x86_64/supplementary/os',\n 'content/dist/rhel9/9/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'mariadb-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel9/9.0/aarch64/appstream/debug',\n 'content/e4s/rhel9/9.0/aarch64/appstream/os',\n 'content/e4s/rhel9/9.0/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/aarch64/baseos/debug',\n 'content/e4s/rhel9/9.0/aarch64/baseos/os',\n 'content/e4s/rhel9/9.0/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/debug',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/os',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/appstream/debug',\n 'content/e4s/rhel9/9.0/ppc64le/appstream/os',\n 'content/e4s/rhel9/9.0/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/baseos/debug',\n 'content/e4s/rhel9/9.0/ppc64le/baseos/os',\n 'content/e4s/rhel9/9.0/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/highavailability/debug',\n 'content/e4s/rhel9/9.0/ppc64le/highavailability/os',\n 'content/e4s/rhel9/9.0/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/ppc64le/resilientstorage/os',\n 'content/e4s/rhel9/9.0/ppc64le/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel9/9.0/ppc64le/sap-solutions/os',\n 'content/e4s/rhel9/9.0/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/sap/debug',\n 'content/e4s/rhel9/9.0/ppc64le/sap/os',\n 'content/e4s/rhel9/9.0/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/appstream/debug',\n 'content/e4s/rhel9/9.0/s390x/appstream/os',\n 'content/e4s/rhel9/9.0/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/baseos/debug',\n 'content/e4s/rhel9/9.0/s390x/baseos/os',\n 'content/e4s/rhel9/9.0/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/highavailability/debug',\n 'content/e4s/rhel9/9.0/s390x/highavailability/os',\n 'content/e4s/rhel9/9.0/s390x/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/os',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/sap/debug',\n 'content/e4s/rhel9/9.0/s390x/sap/os',\n 'content/e4s/rhel9/9.0/s390x/sap/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/appstream/debug',\n 'content/e4s/rhel9/9.0/x86_64/appstream/os',\n 'content/e4s/rhel9/9.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/baseos/debug',\n 'content/e4s/rhel9/9.0/x86_64/baseos/os',\n 'content/e4s/rhel9/9.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/debug',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/os',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/nfv/debug',\n 'content/e4s/rhel9/9.0/x86_64/nfv/os',\n 'content/e4s/rhel9/9.0/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/os',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/rt/debug',\n 'content/e4s/rhel9/9.0/x86_64/rt/os',\n 'content/e4s/rhel9/9.0/x86_64/rt/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/sap/debug',\n 'content/e4s/rhel9/9.0/x86_64/sap/os',\n 'content/e4s/rhel9/9.0/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/appstream/debug',\n 'content/eus/rhel9/9.0/aarch64/appstream/os',\n 'content/eus/rhel9/9.0/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/baseos/debug',\n 'content/eus/rhel9/9.0/aarch64/baseos/os',\n 'content/eus/rhel9/9.0/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/debug',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/os',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/highavailability/debug',\n 'content/eus/rhel9/9.0/aarch64/highavailability/os',\n 'content/eus/rhel9/9.0/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/supplementary/debug',\n 'content/eus/rhel9/9.0/aarch64/supplementary/os',\n 'content/eus/rhel9/9.0/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/appstream/debug',\n 'content/eus/rhel9/9.0/ppc64le/appstream/os',\n 'content/eus/rhel9/9.0/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/baseos/debug',\n 'content/eus/rhel9/9.0/ppc64le/baseos/os',\n 'content/eus/rhel9/9.0/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/codeready-builder/debug',\n 'content/eus/rhel9/9.0/ppc64le/codeready-builder/os',\n 'content/eus/rhel9/9.0/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/highavailability/debug',\n 'content/eus/rhel9/9.0/ppc64le/highavailability/os',\n 'content/eus/rhel9/9.0/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/resilientstorage/debug',\n 'content/eus/rhel9/9.0/ppc64le/resilientstorage/os',\n 'content/eus/rhel9/9.0/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/sap-solutions/debug',\n 'content/eus/rhel9/9.0/ppc64le/sap-solutions/os',\n 'content/eus/rhel9/9.0/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/sap/debug',\n 'content/eus/rhel9/9.0/ppc64le/sap/os',\n 'content/eus/rhel9/9.0/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/supplementary/debug',\n 'content/eus/rhel9/9.0/ppc64le/supplementary/os',\n 'content/eus/rhel9/9.0/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/appstream/debug',\n 'content/eus/rhel9/9.0/s390x/appstream/os',\n 'content/eus/rhel9/9.0/s390x/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/baseos/debug',\n 'content/eus/rhel9/9.0/s390x/baseos/os',\n 'content/eus/rhel9/9.0/s390x/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/debug',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/os',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/highavailability/debug',\n 'content/eus/rhel9/9.0/s390x/highavailability/os',\n 'content/eus/rhel9/9.0/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/debug',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/os',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/sap/debug',\n 'content/eus/rhel9/9.0/s390x/sap/os',\n 'content/eus/rhel9/9.0/s390x/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/supplementary/debug',\n 'content/eus/rhel9/9.0/s390x/supplementary/os',\n 'content/eus/rhel9/9.0/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/appstream/debug',\n 'content/eus/rhel9/9.0/x86_64/appstream/os',\n 'content/eus/rhel9/9.0/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/baseos/debug',\n 'content/eus/rhel9/9.0/x86_64/baseos/os',\n 'content/eus/rhel9/9.0/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/debug',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/os',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/highavailability/debug',\n 'content/eus/rhel9/9.0/x86_64/highavailability/os',\n 'content/eus/rhel9/9.0/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/debug',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/os',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/debug',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/os',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/sap/debug',\n 'content/eus/rhel9/9.0/x86_64/sap/os',\n 'content/eus/rhel9/9.0/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/supplementary/debug',\n 'content/eus/rhel9/9.0/x86_64/supplementary/os',\n 'content/eus/rhel9/9.0/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'mariadb-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mariadb / mariadb-backup / mariadb-common / mariadb-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-03T21:45:44", "description": "The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5948 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "AlmaLinux 9 : galera, mariadb, and mysql-selinux (ALSA-2022:5948)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623"], "modified": "2023-10-03T00:00:00", "cpe": ["p-cpe:/a:alma:linux:mariadb", "p-cpe:/a:alma:linux:mariadb-backup", "p-cpe:/a:alma:linux:mariadb-common", "p-cpe:/a:alma:linux:mariadb-devel", "p-cpe:/a:alma:linux:mariadb-embedded", "p-cpe:/a:alma:linux:mariadb-embedded-devel", "p-cpe:/a:alma:linux:mariadb-errmsg", "p-cpe:/a:alma:linux:mariadb-gssapi-server", "p-cpe:/a:alma:linux:mariadb-oqgraph-engine", "p-cpe:/a:alma:linux:mariadb-pam", "p-cpe:/a:alma:linux:mariadb-server", "p-cpe:/a:alma:linux:mariadb-server-galera", "p-cpe:/a:alma:linux:mariadb-server-utils", "p-cpe:/a:alma:linux:mariadb-test", "cpe:/o:alma:linux:9", "cpe:/o:alma:linux:9::appstream", "cpe:/o:alma:linux:9::crb"], "id": "ALMA_LINUX_ALSA-2022-5948.NASL", "href": "https://www.tenable.com/plugins/nessus/167668", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:5948.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167668);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/03\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\"\n );\n script_xref(name:\"ALSA\", value:\"2022:5948\");\n\n script_name(english:\"AlmaLinux 9 : galera, mariadb, and mysql-selinux (ALSA-2022:5948)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:5948 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/9/ALSA-2022-5948.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 89, 119, 120, 400, 404, 416, 476, 617, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::crb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'mariadb-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.16-2.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mariadb / mariadb-backup / mariadb-common / mariadb-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T14:57:27", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4818 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154, CVE-2021-2166)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372, CVE-2021-2389)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n - mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n - mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n - mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n - mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n - mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join (CVE-2022-27385)\n\n - mariadb: improper locking due to unreleased lock in the ds_xbstream.cc (CVE-2022-31621)\n\n - mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c (CVE-2022-31624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-31T00:00:00", "type": "nessus", "title": "RHEL 8 : mariadb:10.3 (RHSA-2022:4818)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2372", "CVE-2021-2389", "CVE-2021-35604", "CVE-2021-46657", "CVE-2021-46658", "CVE-2021-46662", "CVE-2021-46666", "CVE-2021-46667", "CVE-2022-27385", "CVE-2022-31621", "CVE-2022-31624"], "modified": "2023-10-26T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:judy", "p-cpe:/a:redhat:enterprise_linux:galera", "p-cpe:/a:redhat:enterprise_linux:mariadb", "p-cpe:/a:redhat:enterprise_linux:mariadb-backup", "p-cpe:/a:redhat:enterprise_linux:mariadb-common", "p-cpe:/a:redhat:enterprise_linux:mariadb-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-errmsg", "p-cpe:/a:redhat:enterprise_linux:mariadb-gssapi-server", "p-cpe:/a:redhat:enterprise_linux:mariadb-oqgraph-engine", "p-cpe:/a:redhat:enterprise_linux:mariadb-server", "p-cpe:/a:redhat:enterprise_linux:mariadb-server-galera", "p-cpe:/a:redhat:enterprise_linux:mariadb-server-utils", "p-cpe:/a:redhat:enterprise_linux:mariadb-test"], "id": "REDHAT-RHSA-2022-4818.NASL", "href": "https://www.tenable.com/plugins/nessus/161718", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4818. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161718);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/26\");\n\n script_cve_id(\n \"CVE-2021-2154\",\n \"CVE-2021-2166\",\n \"CVE-2021-2372\",\n \"CVE-2021-2389\",\n \"CVE-2021-35604\",\n \"CVE-2021-46657\",\n \"CVE-2021-46658\",\n \"CVE-2021-46662\",\n \"CVE-2021-46666\",\n \"CVE-2021-46667\",\n \"CVE-2022-27385\",\n \"CVE-2022-31621\",\n \"CVE-2022-31624\"\n );\n script_xref(name:\"RHSA\", value:\"2022:4818\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 8 : mariadb:10.3 (RHSA-2022:4818)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:4818 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154, CVE-2021-2166)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372, CVE-2021-2389)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n - mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n - mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n - mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n - mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n - mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join (CVE-2022-27385)\n\n - mariadb: improper locking due to unreleased lock in the ds_xbstream.cc (CVE-2022-31621)\n\n - mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c\n (CVE-2022-31624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1992303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1992309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2049294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2049305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092362\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 89, 190, 404, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:Judy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.4')) audit(AUDIT_OS_NOT, 'Red Hat 8.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'mariadb:10.3': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'galera-25.3.34-4.module+el8.4.0+15058+0c3d11c7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module+el8+2765+cfa4f87b', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.3.32-2.module+el8.4.0+15058+0c3d11c7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.3.32-2.module+el8.4.0+15058+0c3d11c7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.3.32-2.module+el8.4.0+15058+0c3d11c7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.3.32-2.module+el8.4.0+15058+0c3d11c7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.3.32-2.module+el8.4.0+15058+0c3d11c7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.3.32-2.module+el8.4.0+15058+0c3d11c7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.3.32-2.module+el8.4.0+15058+0c3d11c7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.3.32-2.module+el8.4.0+15058+0c3d11c7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.3.32-2.module+el8.4.0+15058+0c3d11c7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.3.32-2.module+el8.4.0+15058+0c3d11c7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.3.32-2.module+el8.4.0+15058+0c3d11c7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.3.32-2.module+el8.4.0+15058+0c3d11c7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.3.32-2.module+el8.4.0+15058+0c3d11c7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/mariadb');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.3');\nif ('10.3' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mariadb:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.3');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Judy / galera / mariadb / mariadb-backup / mariadb-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:53:57", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5759 advisory.\n\n - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n\n - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661)\n\n - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)\n\n - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668)\n\n - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed- length stack-based buffer (CVE-2022-24048)\n\n - mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050)\n\n - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)\n\n - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)\n\n - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n\n - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n\n - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n\n - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n\n - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n\n - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n\n - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order (CVE-2022-27382)\n\n - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n\n - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n\n - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n\n - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n\n - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n\n - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n\n - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n\n - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)\n\n - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n\n - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n\n - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n\n - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n\n - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n\n - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n\n - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)\n\n - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622, CVE-2022-31623)\n\n - mariadb: server crash at Item_subselect::init_expr_cache_tracker (CVE-2022-32083)\n\n - mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor (CVE-2022-32085)\n\n - mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT (CVE-2022-32086)\n\n - mariadb: server crash in Item_args::walk_args (CVE-2022-32087)\n\n - mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort (CVE-2022-32088)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-28T00:00:00", "type": "nessus", "title": "RHEL 7 : rh-mariadb105-galera and rh-mariadb105-mariadb (RHSA-2022:5759)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-21595", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458", "CVE-2022-31622", "CVE-2022-31623", "CVE-2022-32083", "CVE-2022-32085", "CVE-2022-32086", "CVE-2022-32087", "CVE-2022-32088"], "modified": "2023-10-17T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-backup", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-backup-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-common", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-config", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-config-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-connect-engine", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-devel", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-errmsg", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-gssapi-server", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-libs", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-oqgraph-engine", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-pam", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-galera", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-galera-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-utils", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-utils-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-test"], "id": "REDHAT-RHSA-2022-5759.NASL", "href": "https://www.tenable.com/plugins/nessus/163524", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:5759. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163524);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/17\");\n\n script_cve_id(\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\",\n \"CVE-2022-31622\",\n \"CVE-2022-31623\",\n \"CVE-2022-32083\",\n \"CVE-2022-32085\",\n \"CVE-2022-32086\",\n \"CVE-2022-32087\",\n \"CVE-2022-32088\"\n );\n script_xref(name:\"RHSA\", value:\"2022:5759\");\n\n script_name(english:\"RHEL 7 : rh-mariadb105-galera and rh-mariadb105-mariadb (RHSA-2022:5759)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:5759 advisory.\n\n - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)\n\n - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused\n common table expression (CTE) (CVE-2021-46661)\n\n - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements\n (CVE-2021-46663)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value\n of aggr (CVE-2021-46664)\n\n - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations (CVE-2021-46665)\n\n - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements\n (CVE-2021-46668)\n\n - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the\n BIGINT data type is used (CVE-2021-46669)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-\n length stack-based buffer (CVE-2022-24048)\n\n - mariadb: lack of validating the existence of an object prior to performing operations on the object\n (CVE-2022-24050)\n\n - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier\n (CVE-2022-24051)\n\n - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)\n\n - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)\n\n - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)\n\n - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)\n\n - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)\n\n - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)\n\n - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)\n\n - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order\n (CVE-2022-27382)\n\n - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)\n\n - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)\n\n - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)\n\n - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)\n\n - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)\n\n - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)\n\n - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)\n\n - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)\n\n - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)\n\n - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)\n\n - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)\n\n - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)\n\n - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)\n\n - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)\n\n - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)\n\n - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622,\n CVE-2022-31623)\n\n - mariadb: server crash at Item_subselect::init_expr_cache_tracker (CVE-2022-32083)\n\n - mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor (CVE-2022-32085)\n\n - mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT (CVE-2022-32086)\n\n - mariadb: server crash in Item_args::walk_args (CVE-2022-32087)\n\n - mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort\n (CVE-2022-32088)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-32083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-32085\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-32086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-32087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-32088\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:5759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2049302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2069833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2076144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2076145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2106008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142862\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24052\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 89, 119, 120, 122, 229, 400, 404, 416, 476, 617, 667, 1173);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-backup-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-config-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-connect-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-galera-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-utils-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/os',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-mariadb105-mariadb-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-syspaths-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-syspaths-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-syspaths-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-common-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-common-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-common-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-syspaths-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-syspaths-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-syspaths-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-connect-engine-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-connect-engine-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-connect-engine-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-devel-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-devel-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-devel-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-errmsg-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-errmsg-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-errmsg-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-gssapi-server-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-gssapi-server-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-gssapi-server-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-libs-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-libs-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-libs-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-oqgraph-engine-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-oqgraph-engine-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-oqgraph-engine-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-pam-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-pam-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-pam-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-syspaths-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-syspaths-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-syspaths-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-syspaths-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-syspaths-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-syspaths-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-syspaths-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-syspaths-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-syspaths-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-syspaths-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-syspaths-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-syspaths-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-test-10.5.16-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-test-10.5.16-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-test-10.5.16-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-mariadb105-mariadb / rh-mariadb105-mariadb-backup / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-06T15:46:48", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2561-1 advisory.\n\n - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657)\n\n - save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. (CVE-2021-46658)\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-28T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : mariadb (SUSE-SU-2022:2561-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46657", "CVE-2021-46658", "CVE-2021-46659", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2021-46669", "CVE-2022-24048", "CVE-2022-24050", "CVE-2022-24051", "CVE-2022-24052", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmariadbd-devel", "p-cpe:/a:novell:suse_linux:libmariadbd19", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-tools", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2561-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163504", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2561-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163504);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-46657\",\n \"CVE-2021-46658\",\n \"CVE-2021-46659\",\n \"CVE-2021-46661\",\n \"CVE-2021-46663\",\n \"CVE-2021-46664\",\n \"CVE-2021-46665\",\n \"CVE-2021-46668\",\n \"CVE-2021-46669\",\n \"CVE-2022-24048\",\n \"CVE-2022-24050\",\n \"CVE-2022-24051\",\n \"CVE-2022-24052\",\n \"CVE-2022-27376\",\n \"CVE-2022-27377\",\n \"CVE-2022-27378\",\n \"CVE-2022-27379\",\n \"CVE-2022-27380\",\n \"CVE-2022-27381\",\n \"CVE-2022-27382\",\n \"CVE-2022-27383\",\n \"CVE-2022-27384\",\n \"CVE-2022-27386\",\n \"CVE-2022-27387\",\n \"CVE-2022-27444\",\n \"CVE-2022-27445\",\n \"CVE-2022-27446\",\n \"CVE-2022-27447\",\n \"CVE-2022-27448\",\n \"CVE-2022-27449\",\n \"CVE-2022-27451\",\n \"CVE-2022-27452\",\n \"CVE-2022-27455\",\n \"CVE-2022-27456\",\n \"CVE-2022-27457\",\n \"CVE-2022-27458\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2561-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : mariadb (SUSE-SU-2022:2561-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2561-1 advisory.\n\n - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER\n BY. (CVE-2021-46657)\n\n - save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect\n handling of with_window_func=true for a subquery. (CVE-2021-46658)\n\n - MariaDB before 10.7.2 allows an application crash because it does not recognize that\n SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)\n\n - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an\n unused common table expression (CTE). (CVE-2021-46661)\n\n - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n (CVE-2021-46663)\n\n - MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n (CVE-2021-46664)\n\n - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables\n expectations. (CVE-2021-46665)\n\n - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that\n improperly interact with storage-engine resource limitations for temporary data structures.\n (CVE-2021-46668)\n\n - MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT\n data type is used. (CVE-2021-46669)\n\n - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n (CVE-2022-24048)\n\n - MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability\n allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is\n required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The\n issue results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in\n the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)\n\n - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows\n local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to\n exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue\n results from the lack of proper validation of a user-supplied string before using it as a format\n specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code\n in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051)\n\n - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This\n vulnerability allows local attackers to escalate privileges on affected installations of MariaDB.\n Authentication is required to exploit this vulnerability. The specific flaw exists within the processing\n of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data\n prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to\n escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n (CVE-2022-24052)\n\n - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component\n Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)\n\n - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)\n\n - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27379)\n\n - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to\n allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380)\n\n - An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow\n attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382)\n\n - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component\n my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)\n\n - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was\n discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n (CVE-2022-27384)\n\n - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component\n sql/sql_class.cc. (CVE-2022-27386)\n\n - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component\n decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_subselect.cc. (CVE-2022-27444)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/sql_window.cc. (CVE-2022-27445)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.h. (CVE-2022-27446)\n\n - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447)\n\n - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON'\n at /row/row0mysql.cc. (CVE-2022-27448)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_func.cc:148. (CVE-2022-27449)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/field_conv.cc. (CVE-2022-27451)\n\n - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component\n sql/item_cmpfunc.cc. (CVE-2022-27452)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec\n at /sql/sql_type.cc. (CVE-2022-27456)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)\n\n - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component\n Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195325\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195339\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27376\");\n script_set_attribute(attribute:

EulerOS 2.0 SP8 : mariadb (EulerOS-SA-2022-2227)

Description

Related