OESA-2022-1681

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1681
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1681.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-1681
Upstream
Published
2022-05-28T11:03:49Z
Modified
2025-08-12T05:13:19.931003Z
Summary
mariadb security update
Details

MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mariadbd) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and utilities.

Security Fix(es):

An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27379)

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.(CVE-2022-27386)

MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.(CVE-2022-27387)

An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27384)

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27380)

MariaDB Server v10.6 and below was discovered to contain a use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.(CVE-2022-27383)

An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27381)

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.(CVE-2022-27377)

An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27378)

MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.(CVE-2022-27376)

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.(CVE-2022-27452)

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.(CVE-2022-27458)

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component VDec::VDec at /sql/sql_type.cc.(CVE-2022-27456)

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.(CVE-2022-27445)

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.(CVE-2022-27449)

There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.(CVE-2022-27448)

MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.(CVE-2022-27447)

An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27385)

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.(CVE-2022-27382)

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.(CVE-2022-27451)

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.(CVE-2022-27457)

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.(CVE-2022-27446)

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.(CVE-2022-27444)

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.(CVE-2022-27455)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / mariadb

Package

Name
mariadb
Purl
pkg:rpm/openEuler/mariadb&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.3.35-1.oe1

Ecosystem specific

{
    "src": [
        "mariadb-10.3.35-1.oe1.src.rpm"
    ],
    "x86_64": [
        "mariadb-errmessage-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-test-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-debugsource-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-embedded-devel-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-backup-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-server-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-gssapi-server-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-server-galera-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-debuginfo-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-oqgraph-engine-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-common-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-embedded-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-cracklib-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-devel-10.3.35-1.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "mariadb-server-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-server-galera-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-gssapi-server-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-embedded-devel-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-debugsource-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-test-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-devel-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-oqgraph-engine-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-errmessage-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-cracklib-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-debuginfo-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-embedded-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-backup-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-common-10.3.35-1.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / mariadb

Package

Name
mariadb
Purl
pkg:rpm/openEuler/mariadb&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.3.35-1.oe1

Ecosystem specific

{
    "src": [
        "mariadb-10.3.35-1.oe1.src.rpm"
    ],
    "x86_64": [
        "mariadb-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-cracklib-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-server-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-oqgraph-engine-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-gssapi-server-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-test-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-errmessage-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-debuginfo-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-devel-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-server-galera-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-backup-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-embedded-devel-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-embedded-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-common-10.3.35-1.oe1.x86_64.rpm",
        "mariadb-debugsource-10.3.35-1.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "mariadb-backup-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-cracklib-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-common-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-embedded-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-oqgraph-engine-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-server-galera-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-errmessage-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-debuginfo-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-devel-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-server-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-test-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-debugsource-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-gssapi-server-10.3.35-1.oe1.aarch64.rpm",
        "mariadb-embedded-devel-10.3.35-1.oe1.aarch64.rpm"
    ]
}

openEuler:22.03-LTS / mariadb

Package

Name
mariadb
Purl
pkg:rpm/openEuler/mariadb&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.5.16-1.oe2203

Ecosystem specific

{
    "src": [
        "mariadb-10.5.16-1.oe2203.src.rpm"
    ],
    "x86_64": [
        "mariadb-devel-10.5.16-1.oe2203.x86_64.rpm",
        "mariadb-debuginfo-10.5.16-1.oe2203.x86_64.rpm",
        "mariadb-server-10.5.16-1.oe2203.x86_64.rpm",
        "mariadb-oqgraph-engine-10.5.16-1.oe2203.x86_64.rpm",
        "mariadb-common-10.5.16-1.oe2203.x86_64.rpm",
        "mariadb-gssapi-server-10.5.16-1.oe2203.x86_64.rpm",
        "mariadb-test-10.5.16-1.oe2203.x86_64.rpm",
        "mariadb-server-galera-10.5.16-1.oe2203.x86_64.rpm",
        "mariadb-debugsource-10.5.16-1.oe2203.x86_64.rpm",
        "mariadb-backup-10.5.16-1.oe2203.x86_64.rpm",
        "mariadb-config-10.5.16-1.oe2203.x86_64.rpm",
        "mariadb-server-utils-10.5.16-1.oe2203.x86_64.rpm",
        "mariadb-embedded-devel-10.5.16-1.oe2203.x86_64.rpm",
        "mariadb-embedded-10.5.16-1.oe2203.x86_64.rpm",
        "mariadb-errmsg-10.5.16-1.oe2203.x86_64.rpm",
        "mariadb-pam-10.5.16-1.oe2203.x86_64.rpm",
        "mariadb-10.5.16-1.oe2203.x86_64.rpm"
    ],
    "aarch64": [
        "mariadb-config-10.5.16-1.oe2203.aarch64.rpm",
        "mariadb-test-10.5.16-1.oe2203.aarch64.rpm",
        "mariadb-backup-10.5.16-1.oe2203.aarch64.rpm",
        "mariadb-debugsource-10.5.16-1.oe2203.aarch64.rpm",
        "mariadb-embedded-devel-10.5.16-1.oe2203.aarch64.rpm",
        "mariadb-rocksdb-engine-10.5.16-1.oe2203.aarch64.rpm",
        "mariadb-server-galera-10.5.16-1.oe2203.aarch64.rpm",
        "mariadb-server-utils-10.5.16-1.oe2203.aarch64.rpm",
        "mariadb-10.5.16-1.oe2203.aarch64.rpm",
        "mariadb-pam-10.5.16-1.oe2203.aarch64.rpm",
        "mariadb-embedded-10.5.16-1.oe2203.aarch64.rpm",
        "mariadb-errmsg-10.5.16-1.oe2203.aarch64.rpm",
        "mariadb-server-10.5.16-1.oe2203.aarch64.rpm",
        "mariadb-debuginfo-10.5.16-1.oe2203.aarch64.rpm",
        "mariadb-devel-10.5.16-1.oe2203.aarch64.rpm",
        "mariadb-gssapi-server-10.5.16-1.oe2203.aarch64.rpm",
        "mariadb-common-10.5.16-1.oe2203.aarch64.rpm",
        "mariadb-oqgraph-engine-10.5.16-1.oe2203.aarch64.rpm"
    ]
}