Lucene search

[email protected]NVD:CVE-2022-38791

HistoryAug 27, 2022 - 8:15 p.m.

CVE-2022-38791

2022-08-2720:15:08

CWE-667

[email protected]

web.nvd.nist.gov

mariadb

data compression

stream write

deadlock

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.

Affected configurations

NVD

Node

mariadbmariadbRange10.3.0–10.3.36

mariadbmariadbRange10.4.0–10.4.26

mariadbmariadbRange10.5.0–10.5.17

mariadbmariadbRange10.6.0–10.6.9

mariadbmariadbRange10.7.0–10.7.5

mariadbmariadbRange10.8.0–10.8.4

mariadbmariadbMatch10.9.1

Node

fedoraprojectfedoraMatch35

fedoraprojectfedoraMatch36

fedoraprojectfedoraMatch37

References

jira.mariadb.org/browse/MDEV-28719

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCOEGSVMIEXDZHBOSV6WVF7FAVRBR2JE/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVAONAZXJFGHAJ4RP2OF3EAMQCOTDSQ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHISY4YVO4S5QJYYIXCIAXBM7INOL4VY/

security.netapp.com/advisory/ntap-20221104-0008/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2022-38791

osv9 ubuntucve1 openvas14 prion1 cbl_mariner1 redhatcve1 mariadbunix1 cve1 cvelist1 debiancve1 nessus29 oraclelinux3 almalinux3 redhat4 rosalinux1 fedora6 rocky1 suse1 gentoo1