libmariadb/mariadblib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadblib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.
{ "vanir_signatures": [ { "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "6952442027606135929162894614051795482", "226808333526667230143963077212787108225", "336091071272911017670366939765904092730", "151527159020156594566411829374814913233", "102162187730078229297492766698177893219", "91563339908151848531346274077460576468", "114845881546031594650019308467304303611", "243917120594954867533950732662208665181", "340165741657813462633652323703174594395", "90745243017409522733773381782787642234", "144790138812063007633521189101073058562", "316647692337548621006178307256113664847", "128170776215724730045761495647682038365", "4050730958409481013900319264625377814", "238651622235208979884305350873469634014", "173593458824015598828887901200317384758", "91382770000990539890897157026068564835", "326693156351913616211983463676269075041", "323955681946102163473138871909625313199", "60859661048530879989555948167566090086", "165695854491076971140324752499222296666", "187226365362876395201603065453275478080", "242580551506749286971450837032744538899", "245298900313442218532146008824808536699", "317124507606508115203210261296724610788", "188950507312657896951029600617696463926", "242764081211181047130668465947612700283", "126087194760680105553835174856866732717", "46831687309041694093771589109402026633", "260674223820300171846594137179807938029", "39345478439542202344512727283464604059", "281215884659286549708274902123280854335", "137274654299158589354635769965127755367", "26884543679518803281583476939270897816", "229317215204436611192430566490706700102", "117770116556251355319677687907794778732", "232672229693460475922162605201967421634", "162162957513842710143048356740042289008", "329152811217042409525091253091738140002", "8701527338793008705318594801740501862", "60783755706011669762370930008171860268", "95236224665626649084887494626717493675", "332560938884582694254420132787254751447", "39056306570050422262194217466767045075", "258464979428492558803089016356914625386", "239184683103936923316603811214179339515", "224841557785421441987174519825175369512", "250366741021474000257274926541616379567", "229317215204436611192430566490706700102", "117770116556251355319677687907794778732", "232672229693460475922162605201967421634", "162162957513842710143048356740042289008", "329152811217042409525091253091738140002", "8701527338793008705318594801740501862", "60783755706011669762370930008171860268", "95236224665626649084887494626717493675", "332560938884582694254420132787254751447", "39056306570050422262194217466767045075", "258464979428492558803089016356914625386", "300696671099439187162736280161306899603", "115357198581437856837574481930847132596", "57223111232721483157025154878265324345", "306245693855114326634145747305630579657", "14273594759210414525484900422972882399", "226064935758801066388090209461941949491", "322039371342591494650323967838741993089", "25170657753376177347104692769142951973", "284343223558826146371214960236122459770", "267178159854705480287545924621161920302", "28718947049278711627932609069458747217", "19076173490218907386803943007705462610", "95585250294779390560191106198665764740", "100429890314083773895265994693509993868", "83184666081262434522265688606282630094", "191165297057657537086126505510948081616", "179356172074093877643555464037699927208", "263081409950063281925577680832980084968", "71882146533525205508007788286970538552", "295470291791925312797409837302602943774", "332445562319019621832764255314135344922", "129019944456274438060104248226562412992", "321176522691425054544991614761992486596", "227943008192775140295811825366538751717", "123749974696652419607192116526727972956", "263372456125046114622492980188433044632" ] }, "id": "CVE-2020-13249-54053a89", "deprecated": false, "target": { "file": "libmariadb/mariadb_lib.c" }, "signature_type": "Line", "source": "https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945" }, { "signature_version": "v1", "digest": { "length": 3190.0, "function_hash": "126379931598525070619262289404115770603" }, "id": "CVE-2020-13249-e528d5d1", "deprecated": false, "target": { "file": "libmariadb/mariadb_lib.c", "function": "ma_read_ok_packet" }, "signature_type": "Function", "source": "https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945" } ] }