PT-2022-3057 · Mariadb+10 · Mariadb Server+10

Jingzhou Fu

·

Published

2019-05-06

·

Updated

2025-06-10

·

CVE-2022-27445

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions MariaDB Server versions 10.9 and below
Description The issue is related to a segmentation fault in the sql/sql window.cc component of the MariaDB Server. This can be exploited by a remote attacker to cause a denial of service. There is also a mention of an uncontrolled resource consumption vulnerability in the same component, which can be exploited to achieve the same goal. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.
Recommendations For MariaDB Server versions 10.9 and below, update to a version above 10.9 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALSA-2022:5826
ALSA-2022:5948
ALSA-2022:6443
ALT-PU-2022-2360
ALT-PU-2022-2446
ALT-PU-2023-1583
ALT-PU-2023-6462
AZL-9409
BDU:2022-03726
BIT-MARIADB-2022-27445
BIT-MARIADB-MIN-2022-27445
BIT-MYSQL-CLIENT-2022-27445
CESA-2022_5826
CESA-2022_6443
CVE-2022-27445
DLA-3114-1
DLA-3114-2
MGASA-2022-0215
OESA-2022-1681
OPENSUSE-SU-2022_2003-1
OPENSUSE-SU-2022_2107-1
OPENSUSE-SU-2022_2561-1
RHSA-2022:5759
RHSA-2022:5826
RHSA-2022:5948
RHSA-2022:6306
RHSA-2022:6443
RHSA-2022_5826
RHSA-2022_5948
RHSA-2022_6443
RHSA-2023:6821
RLSA-2022:5826
RLSA-2022:5948
RLSA-2022:6443
ROSA-SA-2023-2253
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1
SUSE-SU-2022:2003-1
SUSE-SU-2022:2107-1
SUSE-SU-2022:2160-1
SUSE-SU-2022:2189-1
SUSE-SU-2022:2561-1
USN-5739-1
USN-5739-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Mariadb Server
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu