The version of MariaDB installed on the remote host is prior to 10.9.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mdb-1092-rn advisory.
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. (CVE-2018-25032)
MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. (CVE-2022-32081)
MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. (CVE-2022-32082)
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
(CVE-2022-32084)
MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. (CVE-2022-32089)
MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. (CVE-2022-32091)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(164026);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/23");
script_cve_id(
"CVE-2018-25032",
"CVE-2022-32081",
"CVE-2022-32082",
"CVE-2022-32084",
"CVE-2022-32089",
"CVE-2022-32091",
"CVE-2022-38791"
);
script_name(english:"MariaDB 10.9.0 < 10.9.2 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of MariaDB installed on the remote host is prior to 10.9.2. It is, therefore, affected by multiple
vulnerabilities as referenced in the mdb-1092-rn advisory.
- zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many
distant matches. (CVE-2018-25032)
- MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at
/storage/innobase/handler/handler0alter.cc. (CVE-2022-32081)
- MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in
dict0dict.cc. (CVE-2022-32082)
- MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
(CVE-2022-32084)
- MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component
st_select_lex_unit::exclude_level. (CVE-2022-32089)
- MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at
/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. (CVE-2022-32091)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/mariadb-10-9-2-release-notes");
script_set_attribute(attribute:"solution", value:
"Upgrade to MariaDB version 10.9.2 or later.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-32081");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-32091");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/25");
script_set_attribute(attribute:"patch_publication_date", value:"2022/06/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/10");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Databases");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mariadb_nix_installed.nbin", "mariadb_win_installed.nbin", "mysql_version.nasl", "mysql_login.nasl");
script_require_keys("installed_sw/MariaDB");
script_require_ports("Services/mysql", 3306);
exit(0);
}
include('vcf.inc');
var app_info = vcf::combined_get_app_info(app:'MariaDB');
vcf::check_all_backporting(app_info:app_info);
var constraints = [
{ 'min_version' : '10.9', 'fixed_version' : '10.9.2' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
require_paranoia:TRUE,
severity:SECURITY_HOLE
);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32081
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32082
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32084
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32089
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32091
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38791
mariadb.com/kb/en/mariadb-10-9-2-release-notes