CVE-2022-27385

An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
mariadbmariadb
𝑥
< 10.3.32
mariadbmariadb
10.4.0 ≤
𝑥
< 10.4.22
mariadbmariadb
10.5.0 ≤
𝑥
< 10.5.13
mariadbmariadb
10.6.0 ≤
𝑥
< 10.6.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mariadb-10.5
bullseye
1:10.5.23-0+deb11u1
fixed
bullseye (security)
1:10.5.26-0+deb11u2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mariadb-10.0
trusty
ignored
xenial
needs-triage
mariadb-10.1
bionic
needs-triage
trusty
ignored
xenial
ignored
mariadb-10.3
focal
Fixed 1:10.3.32-0ubuntu0.20.04.1
released
trusty
ignored
xenial
ignored
mariadb-10.5
impish
ignored
trusty
ignored
xenial
ignored
mariadb-10.6
jammy
not-affected
kinetic
ignored
lunar
ignored
mantic
dne
noble
dne
trusty
ignored
xenial
ignored
mariadb-5.5
trusty
ignored
xenial
ignored
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
mariadb105
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-backup
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-backup-debuginfo
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-common
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-connect-engine
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-connect-engine-debuginfo
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-cracklib-password-check
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-cracklib-password-check-debuginfo
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-debuginfo
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-debugsource
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-devel
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-errmsg
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-gssapi-server
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-gssapi-server-debuginfo
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-oqgraph-engine
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-oqgraph-engine-debuginfo
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-pam
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-pam-debuginfo
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-rocksdb-engine
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-rocksdb-engine-debuginfo
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-server
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-server-debuginfo
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-server-utils
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-server-utils-debuginfo
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-sphinx-engine
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-sphinx-engine-debuginfo
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-test
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
mariadb105-test-debuginfo
Amazon Linux 2023
3:10.5.16-1.amzn2023.0.7
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
mariadb
CBL-Mariner 1.0
0:10.3.35-1.cm1
fixed