PT-2021-6913 · Mariadb+5 · Mariadb Server+5

Yaoguang

·

Published

2021-11-08

·

Updated

2025-06-10

·

CVE-2022-27385

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions MariaDB Server versions 10.7 and below
Description An issue in the component Used tables and const cache::used tables and const cache join of MariaDB Server was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. The vulnerability is related to the lack of protection measures for the SQL query structure, which can be exploited by a remote attacker to cause a denial of service.
Recommendations For MariaDB Server versions 10.7 and below, consider disabling the Used tables and const cache::used tables and const cache join component as a temporary workaround until a patch is available. Restrict access to the SQL query functionality to minimize the risk of exploitation. Avoid using specially crafted SQL statements in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

ALSA-2022:1556
ALSA-2022:1557
ALT-PU-2022-2360
ALT-PU-2022-2446
ALT-PU-2023-1583
ALT-PU-2023-6462
BDU:2022-02595
BIT-MARIADB-2022-27385
BIT-MARIADB-MIN-2022-27385
BIT-MYSQL-CLIENT-2022-27385
CESA-2022_1556
CESA-2022_1557
CVE-2022-27385
OESA-2022-1681
RHSA-2022:1007
RHSA-2022:1010
RHSA-2022:1556
RHSA-2022:1557
RHSA-2022:4818
RHSA-2022_1556
RHSA-2022_1557
RHSA-2023:6821
RLSA-2022:1556
RLSA-2022:1557
ROSA-SA-2023-2253

Affected Products

Alt Linux
Almalinux
Centos
Mariadb Server
Red Hat
Rocky Linux