CVE-2022-24051

Published: Feb 18, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.

Affected (10)

Products: Mariadb: Mariadb · Fedoraproject: Fedora

1 product

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Mariadb Mariadb	From 10.2.0 to 10.2.42
Mariadb Mariadb	From 10.3.0 to 10.3.33
Mariadb Mariadb	From 10.4.0 to 10.4.23
Mariadb Mariadb	From 10.5.0 to 10.5.14
Mariadb Mariadb	From 10.6.0 to 10.6.6
Mariadb Mariadb	From 10.7.0 to 10.7.2
Mariadb Mariadb	Version 10.8.0

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34
Fedoraproject Fedora	Version 35
Fedoraproject Fedora	Version 36

Related CWEs

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (12)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD/

Source: zdi-disclosures@trendmicro.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW/

Source: zdi-disclosures@trendmicro.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO/

Source: zdi-disclosures@trendmicro.com

https://mariadb.com/kb/en/security/

Source: zdi-disclosures@trendmicro.com

PatchVendor Advisory

https://security.netapp.com/advisory/ntap-20220318-0004/

Source: zdi-disclosures@trendmicro.com

Third Party Advisory

https://www.zerodayinitiative.com/advisories/ZDI-22-318/

Source: zdi-disclosures@trendmicro.com

Third Party AdvisoryVDB Entry

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO/

Source: af854a3a-2127-422b-91ae-364da2661108

https://mariadb.com/kb/en/security/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://security.netapp.com/advisory/ntap-20220318-0004/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.zerodayinitiative.com/advisories/ZDI-22-318/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.