Lucene search

K
rosalinuxROSA LABROSA-SA-2023-2255
HistoryOct 21, 2023 - 3:57 p.m.

Advisory ROSA-SA-2023-2255

2023-10-2115:57:28
ROSA LAB
abf.rosalinux.ru
13
mariadb 10.5.20
remote attackers
confidentiality
integrity
availability
denial of service
vulnerability
update required

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.9%

software: mariadb 10.5.20
OS: ROSA-CHROME

package_evr_string: mariadb-10.5.20-1.src.rpm

CVE-ID: CVE-2022-32088
BDU-ID: 2022-04064
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort function of the MariaDB database management system is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, availability of protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-32089
BDU-ID: 2022-04079
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the st_select_lex_unit::exclude_level function of the MariaDB database management system is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to impact the availability of protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-32091
BDU-ID: 2022-04082
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the __interceptor_memset function (/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc) of the MariaDB database management system is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, availability of protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-38791
BDU-ID: 2023-05678
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the ds_compress.cc component of the MariaDB database management system is caused by resource locking errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-47015
BDU-ID: 2023-03856
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the spider_db_mbase::print_warnings() function of the MariaDB DBMS is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchmariadb< 10.5.20UNKNOWN

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.9%