Mariadb: >> Mariadb >> 10.0.16 Security Vulnerabilities
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-09-27
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-05-25
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-05-25
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-05-25
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-05-25
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-04-14
An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-04-12
MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-02-01
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-02-01
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-01
Page 1