Advisory ROSA-SA-2023-2254

2023-10-21 15:52:51
ROSA LAB
abf.rosalinux.ru

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.1 High
Confidence: High

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.003 Low
Percentile: 67.4%

software: mariadb 10.5.20
OS: ROSA-CHROME

package_evr_string: mariadb-10.5.20-1.src.rpm

CVE-ID: CVE-2022-27447
BDU-ID: 2022-06909
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Binary_string::free_buffer() function of the /sql/sql_string.h component of the MariaDB DBMS is related to the use of memory after it has been freed. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27448
BDU-ID: 2022-06913
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the /row/row0mysql.cc component of the MariaDB DBMS is related to a flaw in the use of the assert() function. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27449
BDU-ID: 2022-06919
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the sql/item_func.cc component of the MariaDB DBMS is related to a flaw in the use of the assert() function. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27451
BDU-ID: 2023-05683
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the field_conv.cc component of the MariaDB database management system is related to errors in the use of the code validation system. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27452
BDU-ID: 2022-06907
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the sql/item_cmpfunc.cc component of the MariaDB DBMS is related to a flaw in the use of the assert() function. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27455
BDU-ID: 2023-05677
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the my_wildcmp_8bit_impl component of the MariaDB database management system is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27456
BDU-ID: 2022-06914
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the VDec::VDec function of the /sql/sql_type.cc component of the MariaDB DBMS is related to the use of memory after it has been freed. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27457
BDU-ID: 2023-05676
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the my_mb_wc_latin1 component of the MariaDB database management system is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-27458
BDU-ID: 2022-06910
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Binary_string::free_buffer() function of the /sql/sql_string.h component of the MariaDB DBMS is related to the use of memory after it has been freed. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-31621
BDU-ID: 2022-03789
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the xbstream_open function (extra/mariabackup/ds_xbstream.cc) of the MariaDB database management system is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-31622
BDU-ID: 2022-03791
CVE-Crit: LOW
CVE-DESC.: A vulnerability exists in the create_worker_threads method (extra/mariabackup/ds_compress.cc) of the MariaDB database management system due to incorrect resource cleanup or release. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-31623
BDU-ID: 2022-03792
CVE-Crit: LOW
CVE-DESC.: A vulnerability exists in the create_worker_threads method (extra/mariabackup/ds_compress.cc) of the MariaDB database management system due to incorrect resource cleanup or release. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-31624
BDU-ID: 2022-03790
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the log_statement_ex method (plugin/server_audit/server_audit/server_audit.c) of the MariaDB database management system is related to incorrect resource cleanup or release. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-32081
BDU-ID: 2022-04075
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the prepare_inplace_add_virtual function of the MariaDB database management system is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to affect confidentiality, integrity, availability of protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-32082
BDU-ID: 2022-05553
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the dict0dict.cc component of the MariaDB database management system involves the use of assert() or a similar operator. Exploiting the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-32083
BDU-ID: 2022-04080
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Item_subselect::init_expr_cache_tracker function of the MariaDB database management system is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to affect confidentiality, integrity, availability of protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-32084
BDU-ID: 2022-04078
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the sub_select component of the MariaDB database management system is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, availability of protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-32085
BDU-ID: 2022-04076
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Item_func_in::cleanup/Item::cleanup_processor function of the MariaDB database management system is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, availability of protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-32086
BDU-ID: 2022-04087
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Item_field::fix_outer_field function of the MariaDB database management system is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to affect confidentiality, integrity, availability of protected information.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-32087
BDU-ID: 2022-04068
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Item_args::walk_args function of the MariaDB database management system is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to affect confidentiality, integrity, availability of protected information.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

OS | Version | Architecture | Package | Version | Filename
ROSA | any | noarch | mariadb | < 10.5.20 | UNKNOWN
