CVE-2021-27928

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
mariadbmariadb
10.2 ≤
𝑥
< 10.2.37
mariadbmariadb
10.3 ≤
𝑥
< 10.3.28
mariadbmariadb
10.4 ≤
𝑥
< 10.4.18
mariadbmariadb
10.5 ≤
𝑥
< 10.5.9
perconapercona_server
𝑥
≤ 2021-03-03
galeraclusterwsrep
𝑥
≤ 2021-03-03
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mariadb-10.5
bullseye
1:10.5.23-0+deb11u1
fixed
bullseye (security)
1:10.5.26-0+deb11u2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mariadb-10.1
bionic
needs-triage
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
mariadb-10.3
bionic
dne
focal
needed
groovy
ignored
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
mariadb-10.5
bionic
dne
focal
dne
groovy
dne
hirsute
not-affected
impish
not-affected
trusty
dne
xenial
dne
percona-server-5.6
bionic
dne
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
liblz4-1
suse enterprise sap 12 SP5
1.8.0-3.5.2
fixed
suse enterprise server 12 SP5
1.8.0-3.5.2
fixed
libmariadb3
suse enterprise sap 12 SP5
3.1.22-2.35.1
fixed
suse enterprise server 12 SP5
3.1.22-2.35.1
fixed
libmariadb_plugins
suse enterprise sap 12 SP5
3.1.22-2.35.1
fixed
suse enterprise server 12 SP5
3.1.22-2.35.1
fixed
libmariadbd-devel
suse enterprise sap 15 SP2
10.4.20-3.9.1
fixed
suse enterprise sap 15 SP3
10.5.11-3.3.1
fixed
suse enterprise sap 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 15 SP2
10.4.20-3.9.1
fixed
suse enterprise server 15 SP3
10.5.11-3.3.1
fixed
suse enterprise server 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
libmariadbd104-devel
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
libmariadbd19
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise sap 15 SP2
10.4.20-3.9.1
fixed
suse enterprise sap 15 SP3
10.5.11-3.3.1
fixed
suse enterprise sap 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
suse enterprise server 15 SP2
10.4.20-3.9.1
fixed
suse enterprise server 15 SP3
10.5.11-3.3.1
fixed
suse enterprise server 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
libmysqld-devel
suse enterprise server 15
10.2.39-3.40.1
fixed
suse enterprise server 15 SP1
10.2.39-3.40.1
fixed
libmysqld19
suse enterprise server 15
10.2.39-3.40.1
fixed
suse enterprise server 15 SP1
10.2.39-3.40.1
fixed
mariadb
suse enterprise sap 12 SP5
10.2.39-3.36.1
fixed
suse enterprise sap 15 SP2
10.4.20-3.9.1
fixed
suse enterprise sap 15 SP3
10.5.11-3.3.1
fixed
suse enterprise sap 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 12 SP4
10.2.39-3.36.1
fixed
suse enterprise server 12 SP5
10.2.39-3.36.1
fixed
suse enterprise server 15
10.2.39-3.40.1
fixed
suse enterprise server 15 SP1
10.2.39-3.40.1
fixed
suse enterprise server 15 SP2
10.4.20-3.9.1
fixed
suse enterprise server 15 SP3
10.5.11-3.3.1
fixed
suse enterprise server 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
mariadb-client
suse enterprise sap 12 SP5
10.2.39-3.36.1
fixed
suse enterprise sap 15 SP2
10.4.20-3.9.1
fixed
suse enterprise sap 15 SP3
10.5.11-3.3.1
fixed
suse enterprise sap 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 12 SP4
10.2.39-3.36.1
fixed
suse enterprise server 12 SP5
10.2.39-3.36.1
fixed
suse enterprise server 15
10.2.39-3.40.1
fixed
suse enterprise server 15 SP1
10.2.39-3.40.1
fixed
suse enterprise server 15 SP2
10.4.20-3.9.1
fixed
suse enterprise server 15 SP3
10.5.11-3.3.1
fixed
suse enterprise server 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
mariadb-errormessages
suse enterprise sap 12 SP5
10.2.39-3.36.1
fixed
suse enterprise sap 15 SP2
10.4.20-3.9.1
fixed
suse enterprise sap 15 SP3
10.5.11-3.3.1
fixed
suse enterprise sap 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 12 SP4
10.2.39-3.36.1
fixed
suse enterprise server 12 SP5
10.2.39-3.36.1
fixed
suse enterprise server 15
10.2.39-3.40.1
fixed
suse enterprise server 15 SP1
10.2.39-3.40.1
fixed
suse enterprise server 15 SP2
10.4.20-3.9.1
fixed
suse enterprise server 15 SP3
10.5.11-3.3.1
fixed
suse enterprise server 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
mariadb-tools
suse enterprise sap 12 SP5
10.2.39-3.36.1
fixed
suse enterprise sap 15 SP2
10.4.20-3.9.1
fixed
suse enterprise sap 15 SP3
10.5.11-3.3.1
fixed
suse enterprise sap 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 12 SP4
10.2.39-3.36.1
fixed
suse enterprise server 12 SP5
10.2.39-3.36.1
fixed
suse enterprise server 15
10.2.39-3.40.1
fixed
suse enterprise server 15 SP1
10.2.39-3.40.1
fixed
suse enterprise server 15 SP2
10.4.20-3.9.1
fixed
suse enterprise server 15 SP3
10.5.11-3.3.1
fixed
suse enterprise server 15 SP4
10.6.7-150400.1.4
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
mariadb104
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
mariadb104-bench
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
mariadb104-client
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
mariadb104-errormessages
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
mariadb104-galera
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
mariadb104-rpm-macros
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
mariadb104-test
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
mariadb104-tools
suse enterprise sap 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 12 SP5
10.4.30-8.5.46
fixed
suse enterprise server 15 SP1
10.4.30-150100.3.5.10
fixed
python3-mysqlclient
suse enterprise sap 12 SP5
1.3.14-8.9.2
fixed
suse enterprise server 12 SP5
1.3.14-8.9.2
fixed
suse enterprise server 15 SP1
1.4.6-150100.3.3.7
fixed
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html
https://jira.mariadb.org/browse/MDEV-25179
https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html
https://mariadb.com/kb/en/mariadb-10237-release-notes/
https://mariadb.com/kb/en/mariadb-10328-release-notes/
https://mariadb.com/kb/en/mariadb-10418-release-notes/
https://mariadb.com/kb/en/mariadb-1059-release-notes/
https://mariadb.com/kb/en/security/
https://security.gentoo.org/glsa/202105-28
http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html
https://jira.mariadb.org/browse/MDEV-25179
https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html
https://mariadb.com/kb/en/mariadb-10237-release-notes/
https://mariadb.com/kb/en/mariadb-10328-release-notes/
https://mariadb.com/kb/en/mariadb-10418-release-notes/
https://mariadb.com/kb/en/mariadb-1059-release-notes/
https://mariadb.com/kb/en/security/
https://security.gentoo.org/glsa/202105-28