CVE-2020-13249

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-13249
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13249.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-13249
Downstream
Related
Published
2020-05-20T19:15:09Z
Modified
2025-10-08T03:53:26.478649Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.

References

Affected packages

Git / github.com/mariadb-corporation/mariadb-connector-c

Affected ranges

Type
GIT
Repo
https://github.com/mariadb-corporation/mariadb-connector-c
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
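Fixed
[no fixed commit is listed in this record; the Details text states the issue affects Connector/C before 3.1.8]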

Affected versions

Other


v3.*

v3.0-cc-server-integ-0
v3.0.1-beta
v3.0.10
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.8-release
v3.0.9
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7

Database specific

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "6952442027606135929162894614051795482",
                    "226808333526667230143963077212787108225",
                    "336091071272911017670366939765904092730",
                    "151527159020156594566411829374814913233",
                    "102162187730078229297492766698177893219",
                    "91563339908151848531346274077460576468",
                    "114845881546031594650019308467304303611",
                    "243917120594954867533950732662208665181",
                    "340165741657813462633652323703174594395",
                    "90745243017409522733773381782787642234",
                    "144790138812063007633521189101073058562",
                    "316647692337548621006178307256113664847",
                    "128170776215724730045761495647682038365",
                    "4050730958409481013900319264625377814",
                    "238651622235208979884305350873469634014",
                    "173593458824015598828887901200317384758",
                    "91382770000990539890897157026068564835",
                    "326693156351913616211983463676269075041",
                    "323955681946102163473138871909625313199",
                    "60859661048530879989555948167566090086",
                    "165695854491076971140324752499222296666",
                    "187226365362876395201603065453275478080",
                    "242580551506749286971450837032744538899",
                    "245298900313442218532146008824808536699",
                    "317124507606508115203210261296724610788",
                    "188950507312657896951029600617696463926",
                    "242764081211181047130668465947612700283",
                    "126087194760680105553835174856866732717",
                    "46831687309041694093771589109402026633",
                    "260674223820300171846594137179807938029",
                    "39345478439542202344512727283464604059",
                    "281215884659286549708274902123280854335",
                    "137274654299158589354635769965127755367",
                    "26884543679518803281583476939270897816",
                    "229317215204436611192430566490706700102",
                    "117770116556251355319677687907794778732",
                    "232672229693460475922162605201967421634",
                    "162162957513842710143048356740042289008",
                    "329152811217042409525091253091738140002",
                    "8701527338793008705318594801740501862",
                    "60783755706011669762370930008171860268",
                    "95236224665626649084887494626717493675",
                    "332560938884582694254420132787254751447",
                    "39056306570050422262194217466767045075",
                    "258464979428492558803089016356914625386",
                    "239184683103936923316603811214179339515",
                    "224841557785421441987174519825175369512",
                    "250366741021474000257274926541616379567",
                    "229317215204436611192430566490706700102",
                    "117770116556251355319677687907794778732",
                    "232672229693460475922162605201967421634",
                    "162162957513842710143048356740042289008",
                    "329152811217042409525091253091738140002",
                    "8701527338793008705318594801740501862",
                    "60783755706011669762370930008171860268",
                    "95236224665626649084887494626717493675",
                    "332560938884582694254420132787254751447",
                    "39056306570050422262194217466767045075",
                    "258464979428492558803089016356914625386",
                    "300696671099439187162736280161306899603",
                    "115357198581437856837574481930847132596",
                    "57223111232721483157025154878265324345",
                    "306245693855114326634145747305630579657",
                    "14273594759210414525484900422972882399",
                    "226064935758801066388090209461941949491",
                    "322039371342591494650323967838741993089",
                    "25170657753376177347104692769142951973",
                    "284343223558826146371214960236122459770",
                    "267178159854705480287545924621161920302",
                    "28718947049278711627932609069458747217",
                    "19076173490218907386803943007705462610",
                    "95585250294779390560191106198665764740",
                    "100429890314083773895265994693509993868",
                    "83184666081262434522265688606282630094",
                    "191165297057657537086126505510948081616",
                    "179356172074093877643555464037699927208",
                    "263081409950063281925577680832980084968",
                    "71882146533525205508007788286970538552",
                    "295470291791925312797409837302602943774",
                    "332445562319019621832764255314135344922",
                    "129019944456274438060104248226562412992",
                    "321176522691425054544991614761992486596",
                    "227943008192775140295811825366538751717",
                    "123749974696652419607192116526727972956",
                    "263372456125046114622492980188433044632"
                ]
            },
            "id": "CVE-2020-13249-54053a89",
            "deprecated": false,
            "target": {
                "file": "libmariadb/mariadb_lib.c"
            },
            "signature_type": "Line",
            "source": "https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945"
        },
        {
            "signature_version": "v1",
            "digest": {
                "length": 3190.0,
                "function_hash": "126379931598525070619262289404115770603"
            },
            "id": "CVE-2020-13249-e528d5d1",
            "deprecated": false,
            "target": {
                "file": "libmariadb/mariadb_lib.c",
                "function": "ma_read_ok_packet"
            },
            "signature_type": "Function",
            "source": "https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945"
        }
    ]
}