History: Sep 16, 2024 - 12:00 a.m.

ROS-20240916-02

2024-09-16 00:00:00
redos.red-soft.ru
mariadb
dbms
vulnerabilities
denial of service
remote
sql query
memory usage

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 8.1
Confidence: Low

A vulnerability in the sql/item_cmpfunc.cc component of the MariaDB DBMS is related to a flaw in the use of the assert() function. Exploitation of the vulnerability allows a remote attacker to cause a denial of service.

A vulnerability in the Create_tmp_table::finalize component of the MariaDB DBMS is related to the failure to take measures to protect the SQL query structure. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted SQL query.

A vulnerability in the my_strcasecmp_8bit component of the MariaDB DBMS is related to the use of memory after it has been freed. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted SQL query.

A vulnerability in the Item_func_in::cleanup() component of the MariaDB DBMS is related to the use of memory after it has been freed. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted SQL query.

A vulnerability in the field_conv.cc component of the MariaDB DBMS is related to errors in the use of the code validation system. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.

A vulnerability in the item_subselect.cc component of the MariaDB DBMS is related to an operation beyond the buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.

A vulnerability in the item_cmpfunc.h component of the MariaDB DBMS is related to a flaw in the use of the assert() function. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.

A vulnerability in the decimal_bin_size component of the MariaDB DBMS is related to an operation beyond the buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using specially crafted SQL statements.

A vulnerability in the sql/item_func.cc component of the MariaDB DBMS is related to a flaw in the use of the assert() function. Exploitation of the vulnerability allows a remote attacker to cause a denial of service.

A vulnerability in the Field::set_default component of the MariaDB DBMS is related to the failure to take measures to protect the SQL query structure. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted SQL query.

A vulnerability in the my_mb_wc_latin1 component of the MariaDB DBMS is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.

A vulnerability in the sql/sql_class.cc component of the MariaDB DBMS is related to the failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.

A vulnerability in the Binary_string::free_buffer() function of the /sql/sql_string.h component of the MariaDB DBMS is related to the use of memory after it has been freed. Exploitation of the vulnerability allows a remote attacker to cause a denial of service.

A vulnerability in the /row/row0mysql.cc component of the MariaDB DBMS is related to a flaw in the use of the assert() function. Exploitation of the vulnerability allows a remote attacker to cause a denial of service.

A vulnerability in the Item_subselect::init_expr_cache_tracker component of the MariaDB DBMS is related to the failure to take measures to protect the SQL query structure. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted SQL query.

A vulnerability in the sql/sql_window.cc component of the MariaDB DBMS is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.

A vulnerability in the my_decimal::operator component of the MariaDB DBMS is related to the failure to take measures to protect the SQL query structure. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted SQL query.

A vulnerability in the Item_args::walk_arg component of the MariaDB DBMS is related to the use of memory after it has been freed. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted SQL query.

A vulnerability in the my_wildcmp_8bit_impl component of the MariaDB DBMS is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.

A vulnerability in the VDec::VDec function of the /sql/sql_type.cc component of the MariaDB DBMS is related to the use of memory after it has been freed. Exploitation of the vulnerability allows a remote attacker to cause a denial of service.

A vulnerability in the Arg_comparator::compare_real_fixed component of the MariaDB DBMS is related to the failure to take measures to protect the SQL query structure. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted SQL query.

A vulnerability in the Item_field::used_tables/update_depend_map_for_order component of the MariaDB DBMS is related to the use of assert() or a similar operator. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.

OS     Version  Architecture  Package  Version       Filename
redos  7.3      x86_64        mariadb  < 10.5.15-1   UNKNOWN
