CVE-2020-13249

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-13249
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13249.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-13249
Downstream
Related
Published
2020-05-20T19:15:09Z
Modified
2025-10-15T11:34:24.161378Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

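libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.

The exposed component is therefore the client-side connector: the unvalidated packet comes from whatever server the client has connected to, and the function signature listed below points at ma_read_ok_packet in that file.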

References

Affected packages

Git / github.com/mariadb-corporation/mariadb-connector-c

Affected ranges

Type
GIT
Repo
https://github.com/mariadb-corporation/mariadb-connector-c
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
[not shown here; per the Details text, releases from 3.1.8 onward contain the fix]

Affected versions

Other

v3.*

v3.0-cc-server-integ-0
v3.0.1-beta
v3.0.10
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.8-release
v3.0.9
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "id": "CVE-2020-13249-54053a89",
        "source": "https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945",
        "signature_version": "v1",
        "target": {
            "file": "libmariadb/mariadb_lib.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "6952442027606135929162894614051795482",
                "226808333526667230143963077212787108225",
                "336091071272911017670366939765904092730",
                "151527159020156594566411829374814913233",
                "102162187730078229297492766698177893219",
                "91563339908151848531346274077460576468",
                "114845881546031594650019308467304303611",
                "243917120594954867533950732662208665181",
                "340165741657813462633652323703174594395",
                "90745243017409522733773381782787642234",
                "144790138812063007633521189101073058562",
                "316647692337548621006178307256113664847",
                "128170776215724730045761495647682038365",
                "4050730958409481013900319264625377814",
                "238651622235208979884305350873469634014",
                "173593458824015598828887901200317384758",
                "91382770000990539890897157026068564835",
                "326693156351913616211983463676269075041",
                "323955681946102163473138871909625313199",
                "60859661048530879989555948167566090086",
                "165695854491076971140324752499222296666",
                "187226365362876395201603065453275478080",
                "242580551506749286971450837032744538899",
                "245298900313442218532146008824808536699",
                "317124507606508115203210261296724610788",
                "188950507312657896951029600617696463926",
                "242764081211181047130668465947612700283",
                "126087194760680105553835174856866732717",
                "46831687309041694093771589109402026633",
                "260674223820300171846594137179807938029",
                "39345478439542202344512727283464604059",
                "281215884659286549708274902123280854335",
                "137274654299158589354635769965127755367",
                "26884543679518803281583476939270897816",
                "229317215204436611192430566490706700102",
                "117770116556251355319677687907794778732",
                "232672229693460475922162605201967421634",
                "162162957513842710143048356740042289008",
                "329152811217042409525091253091738140002",
                "8701527338793008705318594801740501862",
                "60783755706011669762370930008171860268",
                "95236224665626649084887494626717493675",
                "332560938884582694254420132787254751447",
                "39056306570050422262194217466767045075",
                "258464979428492558803089016356914625386",
                "239184683103936923316603811214179339515",
                "224841557785421441987174519825175369512",
                "250366741021474000257274926541616379567",
                "229317215204436611192430566490706700102",
                "117770116556251355319677687907794778732",
                "232672229693460475922162605201967421634",
                "162162957513842710143048356740042289008",
                "329152811217042409525091253091738140002",
                "8701527338793008705318594801740501862",
                "60783755706011669762370930008171860268",
                "95236224665626649084887494626717493675",
                "332560938884582694254420132787254751447",
                "39056306570050422262194217466767045075",
                "258464979428492558803089016356914625386",
                "300696671099439187162736280161306899603",
                "115357198581437856837574481930847132596",
                "57223111232721483157025154878265324345",
                "306245693855114326634145747305630579657",
                "14273594759210414525484900422972882399",
                "226064935758801066388090209461941949491",
                "322039371342591494650323967838741993089",
                "25170657753376177347104692769142951973",
                "284343223558826146371214960236122459770",
                "267178159854705480287545924621161920302",
                "28718947049278711627932609069458747217",
                "19076173490218907386803943007705462610",
                "95585250294779390560191106198665764740",
                "100429890314083773895265994693509993868",
                "83184666081262434522265688606282630094",
                "191165297057657537086126505510948081616",
                "179356172074093877643555464037699927208",
                "263081409950063281925577680832980084968",
                "71882146533525205508007788286970538552",
                "295470291791925312797409837302602943774",
                "332445562319019621832764255314135344922",
                "129019944456274438060104248226562412992",
                "321176522691425054544991614761992486596",
                "227943008192775140295811825366538751717",
                "123749974696652419607192116526727972956",
                "263372456125046114622492980188433044632"
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2020-13249-e528d5d1",
        "source": "https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945",
        "signature_version": "v1",
        "target": {
            "function": "ma_read_ok_packet",
            "file": "libmariadb/mariadb_lib.c"
        },
        "digest": {
            "function_hash": "126379931598525070619262289404115770603",
            "length": 3190.0
        },
        "deprecated": false
    }
]