PT-2024-7393 · Mariadb Foundation · Mariadb

King Cope · Published 2024-02-26 · Updated 2025-07-11 · CVE-2024-27766

CVSS v2.0: 6.1 (Medium)
Vector: AV:L/AC:L/Au:N/C:C/I:P/A:P

Name of the Vulnerable Software and Affected Versions: MariaDB version 11.1

Description: The issue in MariaDB is related to incorrect management of code generation in the lib_mysqludf_sys.so library, which can be exploited by an attacker to elevate privileges and execute arbitrary code. A remote attacker can execute arbitrary code via the lib_mysqludf_sys.so function. Note that this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

Recommendations: For MariaDB version 11.1, consider disabling the use of the lib_mysqludf_sys.so function as a temporary workaround until a patch is available. Restrict access to the lib_mysqludf_sys.so library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2024-08763
BIT-MARIADB-2024-27766
BIT-MARIADB-MIN-2024-27766
BIT-MYSQL-CLIENT-2024-27766
CVE-2024-27766

Affected Products

Mariadb