CVE-2022-24052

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
zdiCNA
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
VendorProductVersion
mariadbmariadb
10.2.0 ≤
𝑥
< 10.2.42
mariadbmariadb
10.3.0 ≤
𝑥
< 10.3.33
mariadbmariadb
10.4.0 ≤
𝑥
< 10.4.23
mariadbmariadb
10.5.0 ≤
𝑥
< 10.5.14
mariadbmariadb
10.6.0 ≤
𝑥
< 10.6.6
mariadbmariadb
10.7.0 ≤
𝑥
< 10.7.2
mariadbmariadb
10.8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mariadb-10.5
bullseye
1:10.5.23-0+deb11u1
fixed
bullseye (security)
1:10.5.26-0+deb11u2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mariadb-10.0
xenial
needs-triage
trusty
ignored
mariadb-10.1
bionic
needs-triage
xenial
ignored
trusty
ignored
mariadb-10.3
focal
Fixed 1:10.3.34-0ubuntu0.20.04.1
released
xenial
ignored
trusty
ignored
mariadb-10.5
impish
Fixed 1:10.5.15-0ubuntu0.21.10.1
released
xenial
ignored
trusty
ignored
mariadb-10.6
noble
dne
mantic
dne
lunar
ignored
kinetic
ignored
jammy
not-affected
xenial
ignored
trusty
ignored
mariadb-5.5
xenial
ignored
trusty
ignored
Common Weakness Enumeration
References
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO/
https://mariadb.com/kb/en/security/
https://security.netapp.com/advisory/ntap-20220318-0004/
https://www.zerodayinitiative.com/advisories/ZDI-22-367/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO/
https://mariadb.com/kb/en/security/
https://security.netapp.com/advisory/ntap-20220318-0004/
https://www.zerodayinitiative.com/advisories/ZDI-22-367/