CVE-2022-27456

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-27456

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-27456.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-27456

Aliases

Downstream

ALPINE-CVE-2022-27456

AZL-9696

BELL-CVE-2022-27456

DEBIAN-CVE-2022-27456

DLA-3114-1

OESA-2022-1681

RHSA-2022:5759

RHSA-2022:5826

RHSA-2022:5948

RHSA-2022:6306

RHSA-2022:6443

RHSA-2023:6821

RLSA-2022:5826

RLSA-2022:5948

RLSA-2022:6443

SUSE-RU-2023:3956-1

SUSE-RU-2023:4991-1

SUSE-SU-2022:2003-1

SUSE-SU-2022:2189-1

SUSE-SU-2022:2561-1

UBUNTU-CVE-2022-27456

USN-5739-1

Related

Published

2022-04-14T12:57:02Z

Modified

2026-05-18T05:53:21.572700540Z

Summary

[none]

Details

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.

Database specific

{
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/27xxx/CVE-2022-27456.json"
}

References

Affected packages

Git / github.com/mariadb/server

Affected ranges

Type

GIT

Repo

https://github.com/mariadb/server

Events

Introduced

20ae591abd0bfe1bfaee546989ee163f4ef832b1

Fixed

a0d4f0f306c6e478a1f45727e8fd9c867f9672d9

Introduced

c761b43451d54eeeecdf3c102906fcce88d4e9d9

Fixed

23ddc3518f999e003d54f7a069b63b73585588aa

Introduced

7c7f9bef28aa566557da31402142f6dd8298ddd2

Fixed

7970ac7fe87d1da34e3e212dccd57b112b94b3fe

Introduced

1a647b700f6b72dc97211510a5d0c647d5d3d911

Fixed

b2187662bcba12b66667bc0531727453b3b8a666

Introduced

Fixed

99a433ed1cc2cebad93d6ece2b65691f2f49d3ea

Database specific

{
    "extracted_events": [
        {
            "introduced": "10.3.0"
        },
        {
            "fixed": "10.3.35"
        },
        {
            "introduced": "10.4.0"
        },
        {
            "fixed": "10.4.25"
        },
        {
            "introduced": "10.5.0"
        },
        {
            "fixed": "10.5.16"
        },
        {
            "introduced": "10.6.0"
        },
        {
            "fixed": "10.6.8"
        },
        {
            "introduced": "10.7.0"
        },
        {
            "fixed": "10.7.4"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*"
}

Affected versions

mariadb-10.*

mariadb-10.3.0

mariadb-10.3.1

mariadb-10.3.10

mariadb-10.3.12

mariadb-10.3.16

mariadb-10.3.17

mariadb-10.3.18

mariadb-10.3.19

mariadb-10.3.2

mariadb-10.3.20

mariadb-10.3.21

mariadb-10.3.26

mariadb-10.3.30

mariadb-10.3.31

mariadb-10.3.33

mariadb-10.3.4

mariadb-10.3.5

mariadb-10.3.6

mariadb-10.3.7

mariadb-10.4.10

mariadb-10.4.11

mariadb-10.4.20

mariadb-10.4.21

mariadb-10.4.22

mariadb-10.4.23

mariadb-10.4.3

mariadb-10.4.4

mariadb-10.4.5

mariadb-10.4.7

mariadb-10.4.9

mariadb-10.5.0

mariadb-10.5.11

mariadb-10.5.12

mariadb-10.5.13

mariadb-10.5.14

mariadb-10.5.2

mariadb-10.5.4

mariadb-10.6.0

mariadb-10.6.1

mariadb-10.6.2

mariadb-10.6.3

mariadb-10.6.4

mariadb-10.6.5

mariadb-10.6.6

mariadb-10.7.1

mariadb-10.7.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-27456.json"