Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-24051
HistoryFeb 18, 2022 - 12:00 a.m.

CVE-2022-24051

2022-02-1800:00:00
ubuntu.com
ubuntu.com
17

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

14.2%

MariaDB CONNECT Storage Engine Format String Privilege Escalation
Vulnerability. This vulnerability allows local attackers to escalate
privileges on affected installations of MariaDB. Authentication is required
to exploit this vulnerability. The specific flaw exists within the
processing of SQL queries. The issue results from the lack of proper
validation of a user-supplied string before using it as a format specifier.
An attacker can leverage this vulnerability to escalate privileges and
execute arbitrary code in the context of the service account. Was
ZDI-CAN-16193.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchmariadb-10.0< anyUNKNOWN
ubuntu18.04noarchmariadb-10.1< anyUNKNOWN
ubuntu20.04noarchmariadb-10.3< 1:10.3.34-0ubuntu0.20.04.1UNKNOWN
ubuntu21.10noarchmariadb-10.5< 1:10.5.15-0ubuntu0.21.10.1UNKNOWN

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

14.2%