CVE-2024-27766

EUVD-2024-24959
An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.7 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CISA-ADPADP
5.7 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
mariadbmariadb
11.1.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mariadb
focal
dne
jammy
dne
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
mysql-5.5
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
ignored
mysql-5.7
bionic
not-affected
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
xenial
ignored
mysql-8.0
focal
not-affected
jammy
not-affected
noble
not-affected
oracular
not-affected
plucky
dne
questing
dne
mariadb-10.0
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
xenial
needs-triage
mariadb-10.1
bionic
needs-triage
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
mariadb-10.3
focal
needs-triage
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
mariadb-10.6
focal
dne
jammy
needs-triage
noble
dne
oracular
dne
plucky
dne
questing
dne
percona-xtradb-cluster-5.6
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
xenial
needs-triage
percona-server-5.6
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/Ant1sec-ops/CVE-2024-27766
https://seclists.org/fulldisclosure/2012/Dec/39