PT-2021-7499 · Mariadb+10 · Mariadb Server+10

Yaoguang

Published

2020-11-09

Updated

2025-06-10

CVE-2022-27376

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions MariaDB Server versions 10.6.5 and below

Description The issue is related to an use-after-free in the component Item args::walk arg, which can be exploited via specially crafted SQL statements, potentially allowing a remote attacker to cause a denial of service.

Recommendations For MariaDB Server versions 10.6.5 and below, consider updating to a version above 10.6.5 to resolve the issue. As a temporary workaround, consider restricting the use of specially crafted SQL statements to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2022:5826

ALSA-2022:5948

ALSA-2022:6443

ALT-PU-2022-2360

ALT-PU-2022-2446

ALT-PU-2023-1583

ALT-PU-2023-6462

AZL-9689

BDU:2022-06922

BIT-MARIADB-2022-27376

BIT-MARIADB-MIN-2022-27376

BIT-MYSQL-CLIENT-2022-27376

CESA-2022_5826

CESA-2022_6443

CVE-2022-27376

DLA-3114-1

DLA-3114-2

MGASA-2022-0215

OESA-2022-1681

OPENSUSE-SU-2022_2003-1

OPENSUSE-SU-2022_2561-1

RHSA-2022:5759

RHSA-2022:5826

RHSA-2022:5948

RHSA-2022:6306

RHSA-2022:6443

RHSA-2022_5826

RHSA-2022_5948

RHSA-2022_6443

RHSA-2023:6821

RLSA-2022:5826

RLSA-2022:5948

RLSA-2022:6443

ROSA-SA-2023-2253

SUSE-RU-2023:3956-1

SUSE-RU-2023:4991-1

SUSE-SU-2022:2003-1

SUSE-SU-2022:2189-1

SUSE-SU-2022:2561-1

USN-5739-1

USN-5739-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Mariadb Server

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2021-7499 · Mariadb+10 · Mariadb Server+10

CVE-2022-27376

Weakness Enumeration

Related Identifiers

Affected Products

References · 682