vulnerability
MariaDB: CVE-2022-47015: CWE-476
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:N/I:N/A:C) | Jan 20, 2023 | Mar 4, 2025 | May 6, 2026 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Published
Jan 20, 2023
Added
Mar 4, 2025
Modified
May 6, 2026
Description
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.
Solution
mariadb-mariadb-upgrade-latest
References
- CWE-476
- CVE-2022-47015
- https://attackerkb.com/topics/CVE-2022-47015
- https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954
- https://lists.debian.org/debian-lts-announce/2023/06/msg00005.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O22PO3Q6TRSNJI2A2WTJH3VVCHEKBF6C/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUQ33SPQCZQD63TWAM3XKFNVNFRGPFYU/
- https://security.netapp.com/advisory/ntap-20230309-0009/
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-49793
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.