CVE-2022-31624

Published: May 25, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

Affected (5)

Products: Mariadb: Mariadb

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Mariadb Mariadb	Before 10.2.41
Mariadb Mariadb	From 10.3.0 to 10.3.32
Mariadb Mariadb	From 10.4.0 to 10.4.22
Mariadb Mariadb	From 10.5.0 to 10.5.13
Mariadb Mariadb	From 10.6.0 to 10.6.5

Related CWEs

Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References (6)

https://github.com/MariaDB/server/commit/d627d00b13ab2f2c0954ea7b77202470cb102944

Source: cve@mitre.org

PatchThird Party Advisory

https://jira.mariadb.org/browse/MDEV-26556?filter=-2

Source: cve@mitre.org

Issue TrackingPermissions RequiredThird Party Advisory

https://security.netapp.com/advisory/ntap-20220707-0006/

Source: cve@mitre.org

Third Party Advisory

https://github.com/MariaDB/server/commit/d627d00b13ab2f2c0954ea7b77202470cb102944

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://jira.mariadb.org/browse/MDEV-26556?filter=-2

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions RequiredThird Party Advisory

https://security.netapp.com/advisory/ntap-20220707-0006/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.