PT-2021-7209 · Mariadb+5 · Mariadb Server+5
Vaintroub · Published 2021-09-15 · Updated 2025-06-10 · CVE-2022-31621
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: MariaDB Server versions prior to 10.7
Description: The issue is a denial-of-service vulnerability in the xbstream_open method in extra/mariabackup/ds_xbstream.cc. When an error occurs, specifically when stream_ctxt->dest_file equals NULL, the function returns without releasing the lock it holds. The next caller that tries to acquire the lock then waits forever, so a local user can trigger a denial of service through this deadlock. The vendor considers this an improper locking bug rather than a vulnerability with adverse effects.
Recommendations: For MariaDB Server versions prior to 10.7, update to version 10.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the xbstream_open method in extra/mariabackup/ds_xbstream.cc to minimize the risk of exploitation.
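The bug class described above (a lock acquired at function entry and skipped by an early error return) is easy to reproduce in miniature. The following C++ example is added here for illustration and is not MariaDB's code: `DemoLock`, `DemoStreamCtxt`, `open_vulnerable`, `open_fixed` and `second_open_blocks` are hypothetical names, and `DemoLock` is a single-threaded stand-in for a mutex that records whether the lock is still held instead of blocking, so the deadlock can be observed without spawning threads. The fixed variant uses a scoped `std::lock_guard`, which releases the lock on every exit path, including the error return.

```cpp
#include <cstdio>
#include <mutex>

// Stand-in for a mutex so the example runs single-threaded and the lock state
// can be inspected. Not the real ds_xbstream.cc types (hypothetical).
struct DemoLock {
    bool held = false;
    int contended = 0;  // attempts to acquire while already held (would block)
    void lock()   { if (held) ++contended; held = true; }
    void unlock() { held = false; }
};

// Hypothetical stream context. dest_file == nullptr models the error
// condition named in the advisory.
struct DemoStreamCtxt {
    std::FILE *dest_file = nullptr;
    DemoLock mutex;
};

// Vulnerable shape: manual lock/unlock with an early return on the error path,
// so the lock is never released when dest_file is null.
int open_vulnerable(DemoStreamCtxt &ctxt) {
    ctxt.mutex.lock();
    if (ctxt.dest_file == nullptr)
        return -1;                       // returns with the lock still held
    // ... normal stream setup would follow ...
    ctxt.mutex.unlock();
    return 0;
}

// Fixed shape: a scoped guard releases the lock on every exit path,
// including the early error return.
int open_fixed(DemoStreamCtxt &ctxt) {
    std::lock_guard<DemoLock> guard(ctxt.mutex);
    if (ctxt.dest_file == nullptr)
        return -1;                       // guard destructor unlocks here too
    // ... normal stream setup ...
    return 0;
}

// Runs one failed open followed by a second open attempt and reports whether
// the second attempt found the lock still held (true = a real mutex would
// deadlock here).
bool second_open_blocks(int (*open_fn)(DemoStreamCtxt &)) {
    DemoStreamCtxt ctxt;                 // dest_file stays nullptr: error path
    open_fn(ctxt);
    open_fn(ctxt);
    return ctxt.mutex.contended > 0;
}

int main() {
    std::printf("vulnerable: second open blocks = %d\n",
                second_open_blocks(open_vulnerable));
    std::printf("fixed:      second open blocks = %d\n",
                second_open_blocks(open_fixed));
    return 0;
}
```

The same check works as a unit test against real code when the mutex is replaced by one with a `try_lock`: after a forced failure, a subsequent `try_lock` from another thread must succeed, otherwise the error path has leaked the lock.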

Exploit · Fix
Tags: DoS, Improper Locking


Weakness Enumeration

Related Identifiers

ALT-PU-2022-2360
ALT-PU-2022-2446
ALT-PU-2023-1583
ALT-PU-2023-6462
BDU:2022-03789
BIT-MARIADB-2022-31621
BIT-MARIADB-MIN-2022-31621
BIT-MYSQL-CLIENT-2022-31621
CESA-2022_1556
CESA-2022_1557
CVE-2022-31621
RHSA-2022:1007
RHSA-2022:1010
RHSA-2022:1556
RHSA-2022:1557
RHSA-2022:4818
RHSA-2022_1556
RHSA-2022_1557
RHSA-2023:6821
RLSA-2022:1556
RLSA-2022:1557
ROSA-SA-2023-2254

Affected Products

Alt Linux
Astra Linux
Centos
Mariadb Server
Red Hat
Rocky Linux