PT-2020-13396 · MariaDB+8 · MariaDB Connector/C+9

Matthias Kaiser · Published 2020-05-12 · Updated 2024-06-15 · CVE-2020-13249

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

MariaDB Connector/C versions prior to 3.1.8

Description

The issue is improper validation, in the libmariadb/mariadb_lib.c file, of the content of an OK packet received from a server. This problem does not affect any MySQL components supported by Oracle, even though the code was originally based on MySQL.

Recommendations

For versions prior to 3.1.8, update to version 3.1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the libmariadb/mariadb_lib.c file until a patch is available.

Fix

Related Identifiers

ALSA-2020:5500
ALSA-2020:5503
ALT-PU-2020-2246
ALT-PU-2020-2265
CESA-2020_5500
CESA-2020_5503
CVE-2020-13249
OPENSUSE-SU-2020:0738-1
OPENSUSE-SU-2020:0870-1
OPENSUSE-SU-2020_0738-1
OPENSUSE-SU-2020_0870-1
OPENSUSE-SU-2024:11038-1
OPENSUSE-SU-2024:11039-1
RHSA-2020:4174
RHSA-2020:5246
RHSA-2020:5500
RHSA-2020:5503
RHSA-2020:5654
RHSA-2020:5655
RHSA-2020:5660
RHSA-2020:5662
RHSA-2020:5663
RHSA-2020:5665
RHSA-2020_5500
RHSA-2020_5503
RLSA-2020:5500
RLSA-2020:5503
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1
SUSE-SU-2020:1423-1
SUSE-SU-2020:1431-1
SUSE-SU-2020:1710-1
SUSE-SU-2020:1711-1
SUSE-SU-2020:3625-1
SUSE-SU-2020_1423-1
SUSE-SU-2020_1431-1
SUSE-SU-2020_1710-1
SUSE-SU-2020_1711-1
USN-4603-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
MariaDB Connector/C
MariaDB Server
Red Hat
Rocky Linux
SUSE
Ubuntu