Advisory ROSA-SA-2023-2253

2023-10-21 15:31:29
ROSA LAB
abf.rosalinux.ru
CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8 High
Confidence: High

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 47.2%

software: mariadb 10.5.20
OS: ROSA-CHROME

package_evr_string: mariadb-10.5.20-1.src.rpm

CVE-ID: CVE-2022-21595
BDU-ID: 2022-06420
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability exists in the C API component of the MySQL Server database management system due to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-24048
BDU-ID: 2022-00903
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the MariaDB database management system is related to a stack-based buffer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-24050
BDU-ID: 2022-00887
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the MariaDB database management system is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-24051
BDU-ID: 2022-00837
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the MariaDB database management system’s implementation of the CONNECT function is related to the use of uncontrolled format strings. Exploitation of the vulnerability could allow an attacker to execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-24052
BDU-ID: 2022-00883
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the MariaDB database management system is related to a heap-based buffer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code when processing CONNECT requests.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27376
BDU-ID: 2022-06922
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Item_args::walk_arg component of the MariaDB DBMS is related to the use of memory after it has been freed. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted SQL query.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27377
BDU-ID: 2022-06927
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Item_func_in::cleanup() component of the MariaDB DBMS is related to the use of memory after it has been freed. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted SQL query.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27378
BDU-ID: 2022-06915
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Create_tmp_table::finalize component of the MariaDB DBMS is related to the failure to take measures to protect the SQL query structure. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted SQL query.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27379
BDU-ID: 2022-06923
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Arg_comparator::compare_real_fixed component of the MariaDB DBMS is related to the failure to take measures to protect the SQL query structure. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted SQL query.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27380
BDU-ID: 2022-06924
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the my_decimal::operator component of the MariaDB DBMS is related to the failure to take measures to protect the SQL query structure. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted SQL query.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27381
BDU-ID: 2022-06916
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Field::set_default component of the MariaDB DBMS is related to the failure to take measures to protect the SQL query structure. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted SQL query.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27382
BDU-ID: 2023-05661
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Item_field::used_tables/update_depend_map_for_order component of the MariaDB database management system is related to the use of assert() or a similar statement. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27383
BDU-ID: 2022-06904
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the my_strcasecmp_8bit component of the MariaDB DBMS is related to the use of memory after it has been freed. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted SQL query.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27384
BDU-ID: 2022-06906
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Item_subselect::init_expr_cache_tracker component of the MariaDB DBMS is related to the failure to take measures to protect the SQL query structure. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted SQL query.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27385
BDU-ID: 2022-02595
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Used_tables_and_const_cache::used_tables_and_const_cache_join component of the MariaDB database management system is related to the failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using specially crafted SQL statements.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27386
BDU-ID: 2022-02594
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the sql/sql_class.cc component of the MariaDB database management system is related to the failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27387
BDU-ID: 2022-02593
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the decimal_bin_size component of the MariaDB database management system is related to an operation outside the bounds of a memory buffer. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using specially crafted SQL statements.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27444
BDU-ID: 2023-05685
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the item_subselect.cc component of the MariaDB database management system is related to an operation outside the bounds of a memory buffer. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27445
BDU-ID: 2022-03726
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the sql/sql_window.cc component of the MariaDB database management system is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To fix, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27446
BDU-ID: 2023-05684
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the item_cmpfunc.h component of the MariaDB database management system is related to a flaw in the use of the assert() function. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update mariadb

OS    Version  Architecture  Package  Version    Filename
ROSA  any      noarch        mariadb  < 10.5.20  UNKNOWN
