CVE-2024-27766

An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.7 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
mitreCNA
---
---
CISA-ADPADP
5.7 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
mariadbmariadb
11.1.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mariadb
questing
needs-triage
plucky
needs-triage
oracular
ignored
noble
needs-triage
jammy
dne
focal
dne
mysql-5.5
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
trusty
ignored
mysql-5.7
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
not-affected
xenial
ignored
mysql-8.0
questing
dne
plucky
dne
oracular
not-affected
noble
not-affected
jammy
not-affected
focal
not-affected
mariadb-10.0
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
xenial
needs-triage
mariadb-10.1
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
needs-triage
mariadb-10.3
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
needs-triage
mariadb-10.6
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
needs-triage
focal
dne
percona-xtradb-cluster-5.6
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
xenial
needs-triage
percona-server-5.6
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/Ant1sec-ops/CVE-2024-27766
https://seclists.org/fulldisclosure/2012/Dec/39