vulnerability

Oracle Linux: CVE-2022-24052: ELSA-2022-6443: mariadb:10.3 security and bug fix update (MODERATE) (Multiple Advisories)

Try Surface Command
Back to search
Severity
6
CVSS
(AV:L/AC:H/Au:S/C:C/I:C/A:C)
Published
2022-02-18
Added
2022-08-04
Modified
2025-01-07

Description

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
A flaw was found in MariaDB. Lack of input validation leads to a heap buffer overflow. This flaw allows an authenticated, local attacker with at least a low level of privileges to submit a crafted SQL query to MariaDB and escalate their privileges to the level of the MariaDB service user, running arbitrary code.

Solution(s)

oracle-linux-upgrade-galeraoracle-linux-upgrade-judyoracle-linux-upgrade-mariadboracle-linux-upgrade-mariadb-backuporacle-linux-upgrade-mariadb-commonoracle-linux-upgrade-mariadb-develoracle-linux-upgrade-mariadb-embeddedoracle-linux-upgrade-mariadb-embedded-develoracle-linux-upgrade-mariadb-errmsgoracle-linux-upgrade-mariadb-gssapi-serveroracle-linux-upgrade-mariadb-oqgraph-engineoracle-linux-upgrade-mariadb-pamoracle-linux-upgrade-mariadb-serveroracle-linux-upgrade-mariadb-server-galeraoracle-linux-upgrade-mariadb-server-utilsoracle-linux-upgrade-mariadb-testoracle-linux-upgrade-mysql-selinux

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today