CVE-2022-24052

Published: Feb 18, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

Affected (10)

Products: Mariadb: Mariadb · Fedoraproject: Fedora

1 product

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Mariadb Mariadb	From 10.2.0 to 10.2.42
Mariadb Mariadb	From 10.3.0 to 10.3.33
Mariadb Mariadb	From 10.4.0 to 10.4.23
Mariadb Mariadb	From 10.5.0 to 10.5.14
Mariadb Mariadb	From 10.6.0 to 10.6.6
Mariadb Mariadb	From 10.7.0 to 10.7.2
Mariadb Mariadb	Version 10.8.0

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34
Fedoraproject Fedora	Version 35
Fedoraproject Fedora	Version 36

Related CWEs

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References (12)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD/

Source: zdi-disclosures@trendmicro.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW/

Source: zdi-disclosures@trendmicro.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO/

Source: zdi-disclosures@trendmicro.com

https://mariadb.com/kb/en/security/

Source: zdi-disclosures@trendmicro.com

PatchVendor Advisory

https://security.netapp.com/advisory/ntap-20220318-0004/

Source: zdi-disclosures@trendmicro.com

Third Party Advisory

https://www.zerodayinitiative.com/advisories/ZDI-22-367/

Source: zdi-disclosures@trendmicro.com

Third Party AdvisoryVDB Entry

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO/

Source: af854a3a-2127-422b-91ae-364da2661108

https://mariadb.com/kb/en/security/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://security.netapp.com/advisory/ntap-20220318-0004/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.zerodayinitiative.com/advisories/ZDI-22-367/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.