Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-5305-1
Vulnerability from osv_ubuntu
Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues.
MariaDB has been updated to 10.3.34 in Ubuntu 20.04 LTS and to 10.5.15 in Ubuntu 21.10.
In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2021-46659",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-46661",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-46663",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-46664",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-46665",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-46668",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-24048",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-24050",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-24051",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-24052",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libmariadb-dev-compat",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadb3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadbd19",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-backup",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-rocksdb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mariadb-10.3",
"purl": "pkg:deb/ubuntu/mariadb-10.3@1:10.3.34-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.3.34-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:10.3.17-1",
"1:10.3.18-1",
"1:10.3.19-1",
"1:10.3.21-2",
"1:10.3.22-1",
"1:10.3.22-1ubuntu1",
"1:10.3.25-0ubuntu0.20.04.1",
"1:10.3.29-0ubuntu0.20.04.1",
"1:10.3.30-0ubuntu0.20.04.1",
"1:10.3.31-0ubuntu0.20.04.1",
"1:10.3.32-0ubuntu0.20.04.1"
]
}
],
"aliases": [],
"details": "Several security issues were discovered in MariaDB and this update includes\nnew upstream MariaDB versions to fix these issues.\n\nMariaDB has been updated to 10.3.34 in Ubuntu 20.04 LTS and to 10.5.15 in\nUbuntu 21.10.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n",
"id": "USN-5305-1",
"modified": "2026-04-27T14:11:27Z",
"published": "2022-02-28T12:28:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5305-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-46659"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-46661"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-46663"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-46664"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-46665"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-46668"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-24048"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-24050"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-24051"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-24052"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "mariadb-10.3, mariadb-10.5 vulnerabilities",
"upstream": [
"UBUNTU-CVE-2021-46659",
"UBUNTU-CVE-2021-46661",
"UBUNTU-CVE-2021-46663",
"UBUNTU-CVE-2021-46664",
"UBUNTU-CVE-2021-46665",
"UBUNTU-CVE-2021-46668",
"UBUNTU-CVE-2022-24048",
"UBUNTU-CVE-2022-24050",
"UBUNTU-CVE-2022-24051",
"UBUNTU-CVE-2022-24052"
]
}
ubuntu-cve-2021-46659
Vulnerability from osv_ubuntu
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libmariadb-dev-compat",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadb3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadbd19",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-backup",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-rocksdb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mariadb-10.3",
"purl": "pkg:deb/ubuntu/mariadb-10.3@1:10.3.34-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.3.34-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:10.3.17-1",
"1:10.3.18-1",
"1:10.3.19-1",
"1:10.3.21-2",
"1:10.3.22-1",
"1:10.3.22-1ubuntu1",
"1:10.3.25-0ubuntu0.20.04.1",
"1:10.3.29-0ubuntu0.20.04.1",
"1:10.3.30-0ubuntu0.20.04.1",
"1:10.3.31-0ubuntu0.20.04.1",
"1:10.3.32-0ubuntu0.20.04.1"
]
}
],
"aliases": [],
"details": "MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.",
"id": "UBUNTU-CVE-2021-46659",
"modified": "2026-04-22T07:40:13Z",
"published": "2022-01-29T23:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-46659"
},
{
"type": "REPORT",
"url": "https://jira.mariadb.org/browse/MDEV-25631"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5305-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46659"
}
],
"related": [
"USN-5305-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-46659"
]
}
ubuntu-cve-2021-46661
Vulnerability from osv_ubuntu
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libmariadb-dev-compat",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadb3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadbd19",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-backup",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-rocksdb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mariadb-10.3",
"purl": "pkg:deb/ubuntu/mariadb-10.3@1:10.3.34-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.3.34-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:10.3.17-1",
"1:10.3.18-1",
"1:10.3.19-1",
"1:10.3.21-2",
"1:10.3.22-1",
"1:10.3.22-1ubuntu1",
"1:10.3.25-0ubuntu0.20.04.1",
"1:10.3.29-0ubuntu0.20.04.1",
"1:10.3.30-0ubuntu0.20.04.1",
"1:10.3.31-0ubuntu0.20.04.1",
"1:10.3.32-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libmariadb-dev-compat",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "libmariadb3",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "libmariadbd19",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-backup",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-client-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-client-core-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-rocksdb",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-s3",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-server-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-server-core-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.6.7-2ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mariadb-10.6",
"purl": "pkg:deb/ubuntu/mariadb-10.6@1:10.6.7-2ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.6.7-2ubuntu1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": []
}
],
"aliases": [],
"details": "MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).",
"id": "UBUNTU-CVE-2021-46661",
"modified": "2026-04-22T07:40:13Z",
"published": "2022-02-01T02:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-46661"
},
{
"type": "REPORT",
"url": "https://jira.mariadb.org/browse/MDEV-25766"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5305-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46661"
}
],
"related": [
"USN-5305-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-46661"
]
}
ubuntu-cve-2021-46663
Vulnerability from osv_ubuntu
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libmariadb-dev-compat",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadb3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadbd19",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-backup",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-rocksdb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mariadb-10.3",
"purl": "pkg:deb/ubuntu/mariadb-10.3@1:10.3.34-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.3.34-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:10.3.17-1",
"1:10.3.18-1",
"1:10.3.19-1",
"1:10.3.21-2",
"1:10.3.22-1",
"1:10.3.22-1ubuntu1",
"1:10.3.25-0ubuntu0.20.04.1",
"1:10.3.29-0ubuntu0.20.04.1",
"1:10.3.30-0ubuntu0.20.04.1",
"1:10.3.31-0ubuntu0.20.04.1",
"1:10.3.32-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libmariadb-dev-compat",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "libmariadb3",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "libmariadbd19",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-backup",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-client-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-client-core-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-rocksdb",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-s3",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-server-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-server-core-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.6.7-2ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mariadb-10.6",
"purl": "pkg:deb/ubuntu/mariadb-10.6@1:10.6.7-2ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.6.7-2ubuntu1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": []
}
],
"aliases": [],
"details": "MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.",
"id": "UBUNTU-CVE-2021-46663",
"modified": "2026-04-22T07:40:13Z",
"published": "2022-02-01T02:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-46663"
},
{
"type": "REPORT",
"url": "https://jira.mariadb.org/browse/MDEV-26351"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5305-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46663"
}
],
"related": [
"USN-5305-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-46663"
]
}
ubuntu-cve-2021-46664
Vulnerability from osv_ubuntu
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libmariadb-dev-compat",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadb3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadbd19",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-backup",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-rocksdb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mariadb-10.3",
"purl": "pkg:deb/ubuntu/mariadb-10.3@1:10.3.34-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.3.34-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:10.3.17-1",
"1:10.3.18-1",
"1:10.3.19-1",
"1:10.3.21-2",
"1:10.3.22-1",
"1:10.3.22-1ubuntu1",
"1:10.3.25-0ubuntu0.20.04.1",
"1:10.3.29-0ubuntu0.20.04.1",
"1:10.3.30-0ubuntu0.20.04.1",
"1:10.3.31-0ubuntu0.20.04.1",
"1:10.3.32-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libmariadb-dev-compat",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "libmariadb3",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "libmariadbd19",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-backup",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-client-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-client-core-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-rocksdb",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-s3",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-server-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-server-core-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.6.7-2ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mariadb-10.6",
"purl": "pkg:deb/ubuntu/mariadb-10.6@1:10.6.7-2ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.6.7-2ubuntu1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": []
}
],
"aliases": [],
"details": "MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.",
"id": "UBUNTU-CVE-2021-46664",
"modified": "2026-04-22T07:40:13Z",
"published": "2022-02-01T02:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-46664"
},
{
"type": "REPORT",
"url": "https://jira.mariadb.org/browse/MDEV-25761"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5305-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46664"
}
],
"related": [
"USN-5305-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-46664"
]
}
ubuntu-cve-2021-46665
Vulnerability from osv_ubuntu
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libmariadb-dev-compat",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadb3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadbd19",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-backup",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-rocksdb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mariadb-10.3",
"purl": "pkg:deb/ubuntu/mariadb-10.3@1:10.3.34-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.3.34-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:10.3.17-1",
"1:10.3.18-1",
"1:10.3.19-1",
"1:10.3.21-2",
"1:10.3.22-1",
"1:10.3.22-1ubuntu1",
"1:10.3.25-0ubuntu0.20.04.1",
"1:10.3.29-0ubuntu0.20.04.1",
"1:10.3.30-0ubuntu0.20.04.1",
"1:10.3.31-0ubuntu0.20.04.1",
"1:10.3.32-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libmariadb-dev-compat",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "libmariadb3",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "libmariadbd19",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-backup",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-client-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-client-core-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-rocksdb",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-s3",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-server-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-server-core-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.6.7-2ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mariadb-10.6",
"purl": "pkg:deb/ubuntu/mariadb-10.6@1:10.6.7-2ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.6.7-2ubuntu1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": []
}
],
"aliases": [],
"details": "MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.",
"id": "UBUNTU-CVE-2021-46665",
"modified": "2026-04-22T07:40:13Z",
"published": "2022-02-01T02:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-46665"
},
{
"type": "REPORT",
"url": "https://jira.mariadb.org/browse/MDEV-25636"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5305-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46665"
}
],
"related": [
"USN-5305-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-46665"
]
}
ubuntu-cve-2021-46668
Vulnerability from osv_ubuntu
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libmariadb-dev-compat",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadb3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadbd19",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-backup",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-rocksdb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mariadb-10.3",
"purl": "pkg:deb/ubuntu/mariadb-10.3@1:10.3.34-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.3.34-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:10.3.17-1",
"1:10.3.18-1",
"1:10.3.19-1",
"1:10.3.21-2",
"1:10.3.22-1",
"1:10.3.22-1ubuntu1",
"1:10.3.25-0ubuntu0.20.04.1",
"1:10.3.29-0ubuntu0.20.04.1",
"1:10.3.30-0ubuntu0.20.04.1",
"1:10.3.31-0ubuntu0.20.04.1",
"1:10.3.32-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libmariadb-dev-compat",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "libmariadb3",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "libmariadbd19",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-backup",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-client-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-client-core-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-rocksdb",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-s3",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-server-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-server-core-10.6",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.6.7-2ubuntu1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.6.7-2ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mariadb-10.6",
"purl": "pkg:deb/ubuntu/mariadb-10.6@1:10.6.7-2ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.6.7-2ubuntu1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": []
}
],
"aliases": [],
"details": "MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.",
"id": "UBUNTU-CVE-2021-46668",
"modified": "2026-04-22T07:40:13Z",
"published": "2022-02-01T02:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-46668"
},
{
"type": "REPORT",
"url": "https://jira.mariadb.org/browse/MDEV-25787"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5305-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46668"
}
],
"related": [
"USN-5305-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-46668"
]
}
ubuntu-cve-2022-24048
Vulnerability from osv_ubuntu
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.
| URL | Type | |
|---|---|---|
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmariadbd18",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-client-10.0",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-client-core-10.0",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-server-10.0",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-server-core-10.0",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "mariadb-10.0",
"purl": "pkg:deb/ubuntu/mariadb-10.0@10.0.38-0ubuntu0.16.04.1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.0.20-0ubuntu0.15.04.1",
"10.0.22-0ubuntu1",
"10.0.23-1",
"10.0.23-2",
"10.0.24-7",
"10.0.25-0ubuntu0.16.04.1",
"10.0.27-0ubuntu0.16.04.1",
"10.0.28-0ubuntu0.16.04.1",
"10.0.29-0ubuntu0.16.04.1",
"10.0.31-0ubuntu0.16.04.2",
"10.0.33-0ubuntu0.16.04.1",
"10.0.34-0ubuntu0.16.04.1",
"10.0.36-0ubuntu0.16.04.1",
"10.0.38-0ubuntu0.16.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmariadbclient-dev-compat",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "libmariadbclient18",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "libmariadbd18",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-client-10.1",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-client-core-10.1",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-server-10.1",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-server-core-10.1",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mariadb-10.1",
"purl": "pkg:deb/ubuntu/mariadb-10.1@1:10.1.48-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.1.25-1",
"1:10.1.29-6",
"1:10.1.34-0ubuntu0.18.04.1",
"1:10.1.38-0ubuntu0.18.04.1",
"1:10.1.38-0ubuntu0.18.04.2",
"1:10.1.40-0ubuntu0.18.04.1",
"1:10.1.41-0ubuntu0.18.04.1",
"1:10.1.43-0ubuntu0.18.04.1",
"1:10.1.44-0ubuntu0.18.04.1",
"1:10.1.47-0ubuntu0.18.04.1",
"1:10.1.48-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libmariadb-dev-compat",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadb3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadbd19",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-backup",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-rocksdb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mariadb-10.3",
"purl": "pkg:deb/ubuntu/mariadb-10.3@1:10.3.34-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.3.34-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:10.3.17-1",
"1:10.3.18-1",
"1:10.3.19-1",
"1:10.3.21-2",
"1:10.3.22-1",
"1:10.3.22-1ubuntu1",
"1:10.3.25-0ubuntu0.20.04.1",
"1:10.3.29-0ubuntu0.20.04.1",
"1:10.3.30-0ubuntu0.20.04.1",
"1:10.3.31-0ubuntu0.20.04.1",
"1:10.3.32-0ubuntu0.20.04.1"
]
}
],
"aliases": [],
"details": "MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.",
"id": "UBUNTU-CVE-2022-24048",
"modified": "2026-04-22T07:41:30Z",
"published": "2022-02-18T20:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-24048"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5305-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24048"
}
],
"related": [
"USN-5305-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-24048"
]
}
ubuntu-cve-2022-24050
Vulnerability from osv_ubuntu
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.
| URL | Type | |
|---|---|---|
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmariadbd18",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-client-10.0",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-client-core-10.0",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-server-10.0",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-server-core-10.0",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "mariadb-10.0",
"purl": "pkg:deb/ubuntu/mariadb-10.0@10.0.38-0ubuntu0.16.04.1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.0.20-0ubuntu0.15.04.1",
"10.0.22-0ubuntu1",
"10.0.23-1",
"10.0.23-2",
"10.0.24-7",
"10.0.25-0ubuntu0.16.04.1",
"10.0.27-0ubuntu0.16.04.1",
"10.0.28-0ubuntu0.16.04.1",
"10.0.29-0ubuntu0.16.04.1",
"10.0.31-0ubuntu0.16.04.2",
"10.0.33-0ubuntu0.16.04.1",
"10.0.34-0ubuntu0.16.04.1",
"10.0.36-0ubuntu0.16.04.1",
"10.0.38-0ubuntu0.16.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmariadbclient-dev-compat",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "libmariadbclient18",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "libmariadbd18",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-client-10.1",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-client-core-10.1",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-server-10.1",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-server-core-10.1",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mariadb-10.1",
"purl": "pkg:deb/ubuntu/mariadb-10.1@1:10.1.48-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.1.25-1",
"1:10.1.29-6",
"1:10.1.34-0ubuntu0.18.04.1",
"1:10.1.38-0ubuntu0.18.04.1",
"1:10.1.38-0ubuntu0.18.04.2",
"1:10.1.40-0ubuntu0.18.04.1",
"1:10.1.41-0ubuntu0.18.04.1",
"1:10.1.43-0ubuntu0.18.04.1",
"1:10.1.44-0ubuntu0.18.04.1",
"1:10.1.47-0ubuntu0.18.04.1",
"1:10.1.48-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libmariadb-dev-compat",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadb3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadbd19",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-backup",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-rocksdb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mariadb-10.3",
"purl": "pkg:deb/ubuntu/mariadb-10.3@1:10.3.34-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.3.34-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:10.3.17-1",
"1:10.3.18-1",
"1:10.3.19-1",
"1:10.3.21-2",
"1:10.3.22-1",
"1:10.3.22-1ubuntu1",
"1:10.3.25-0ubuntu0.20.04.1",
"1:10.3.29-0ubuntu0.20.04.1",
"1:10.3.30-0ubuntu0.20.04.1",
"1:10.3.31-0ubuntu0.20.04.1",
"1:10.3.32-0ubuntu0.20.04.1"
]
}
],
"aliases": [],
"details": "MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.",
"id": "UBUNTU-CVE-2022-24050",
"modified": "2026-04-22T07:41:30Z",
"published": "2022-02-18T20:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-24050"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5305-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24050"
}
],
"related": [
"USN-5305-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-24050"
]
}
ubuntu-cve-2022-24051
Vulnerability from osv_ubuntu
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmariadbd18",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-client-10.0",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-client-core-10.0",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-server-10.0",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-server-core-10.0",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "mariadb-10.0",
"purl": "pkg:deb/ubuntu/mariadb-10.0@10.0.38-0ubuntu0.16.04.1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.0.20-0ubuntu0.15.04.1",
"10.0.22-0ubuntu1",
"10.0.23-1",
"10.0.23-2",
"10.0.24-7",
"10.0.25-0ubuntu0.16.04.1",
"10.0.27-0ubuntu0.16.04.1",
"10.0.28-0ubuntu0.16.04.1",
"10.0.29-0ubuntu0.16.04.1",
"10.0.31-0ubuntu0.16.04.2",
"10.0.33-0ubuntu0.16.04.1",
"10.0.34-0ubuntu0.16.04.1",
"10.0.36-0ubuntu0.16.04.1",
"10.0.38-0ubuntu0.16.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmariadbclient-dev-compat",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "libmariadbclient18",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "libmariadbd18",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-client-10.1",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-client-core-10.1",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-server-10.1",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-server-core-10.1",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mariadb-10.1",
"purl": "pkg:deb/ubuntu/mariadb-10.1@1:10.1.48-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.1.25-1",
"1:10.1.29-6",
"1:10.1.34-0ubuntu0.18.04.1",
"1:10.1.38-0ubuntu0.18.04.1",
"1:10.1.38-0ubuntu0.18.04.2",
"1:10.1.40-0ubuntu0.18.04.1",
"1:10.1.41-0ubuntu0.18.04.1",
"1:10.1.43-0ubuntu0.18.04.1",
"1:10.1.44-0ubuntu0.18.04.1",
"1:10.1.47-0ubuntu0.18.04.1",
"1:10.1.48-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libmariadb-dev-compat",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadb3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadbd19",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-backup",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-rocksdb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mariadb-10.3",
"purl": "pkg:deb/ubuntu/mariadb-10.3@1:10.3.34-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.3.34-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:10.3.17-1",
"1:10.3.18-1",
"1:10.3.19-1",
"1:10.3.21-2",
"1:10.3.22-1",
"1:10.3.22-1ubuntu1",
"1:10.3.25-0ubuntu0.20.04.1",
"1:10.3.29-0ubuntu0.20.04.1",
"1:10.3.30-0ubuntu0.20.04.1",
"1:10.3.31-0ubuntu0.20.04.1",
"1:10.3.32-0ubuntu0.20.04.1"
]
}
],
"aliases": [],
"details": "MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.",
"id": "UBUNTU-CVE-2022-24051",
"modified": "2026-04-22T07:41:30Z",
"published": "2022-02-18T20:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-24051"
},
{
"type": "REPORT",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-318/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5305-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24051"
}
],
"related": [
"USN-5305-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-24051"
]
}
ubuntu-cve-2022-24052
Vulnerability from osv_ubuntu
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
| URL | Type | |
|---|---|---|
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmariadbd18",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-client-10.0",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-client-core-10.0",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-server-10.0",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-server-core-10.0",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "10.0.38-0ubuntu0.16.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "mariadb-10.0",
"purl": "pkg:deb/ubuntu/mariadb-10.0@10.0.38-0ubuntu0.16.04.1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.0.20-0ubuntu0.15.04.1",
"10.0.22-0ubuntu1",
"10.0.23-1",
"10.0.23-2",
"10.0.24-7",
"10.0.25-0ubuntu0.16.04.1",
"10.0.27-0ubuntu0.16.04.1",
"10.0.28-0ubuntu0.16.04.1",
"10.0.29-0ubuntu0.16.04.1",
"10.0.31-0ubuntu0.16.04.2",
"10.0.33-0ubuntu0.16.04.1",
"10.0.34-0ubuntu0.16.04.1",
"10.0.36-0ubuntu0.16.04.1",
"10.0.38-0ubuntu0.16.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmariadbclient-dev-compat",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "libmariadbclient18",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "libmariadbd18",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-client-10.1",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-client-core-10.1",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-server-10.1",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-server-core-10.1",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.1.48-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mariadb-10.1",
"purl": "pkg:deb/ubuntu/mariadb-10.1@1:10.1.48-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.1.25-1",
"1:10.1.29-6",
"1:10.1.34-0ubuntu0.18.04.1",
"1:10.1.38-0ubuntu0.18.04.1",
"1:10.1.38-0ubuntu0.18.04.2",
"1:10.1.40-0ubuntu0.18.04.1",
"1:10.1.41-0ubuntu0.18.04.1",
"1:10.1.43-0ubuntu0.18.04.1",
"1:10.1.44-0ubuntu0.18.04.1",
"1:10.1.47-0ubuntu0.18.04.1",
"1:10.1.48-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libmariadb-dev-compat",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadb3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "libmariadbd19",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-backup",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-client-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-common",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-connect",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-cracklib-password-check",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-client",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-gssapi-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-mroonga",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-oqgraph",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-rocksdb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-spider",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-plugin-tokudb",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-server-core-10.3",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
},
{
"binary_name": "mariadb-test-data",
"binary_version": "1:10.3.34-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mariadb-10.3",
"purl": "pkg:deb/ubuntu/mariadb-10.3@1:10.3.34-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.3.34-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:10.3.17-1",
"1:10.3.18-1",
"1:10.3.19-1",
"1:10.3.21-2",
"1:10.3.22-1",
"1:10.3.22-1ubuntu1",
"1:10.3.25-0ubuntu0.20.04.1",
"1:10.3.29-0ubuntu0.20.04.1",
"1:10.3.30-0ubuntu0.20.04.1",
"1:10.3.31-0ubuntu0.20.04.1",
"1:10.3.32-0ubuntu0.20.04.1"
]
}
],
"aliases": [],
"details": "MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.",
"id": "UBUNTU-CVE-2022-24052",
"modified": "2026-04-22T07:41:30Z",
"published": "2022-02-18T20:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-24052"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5305-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24052"
}
],
"related": [
"USN-5305-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-24052"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.