Use-After-Free Vulnerability in MariaDB Server by MariaDB Corporation
CVE-2022-27455

7.5HIGH

Key Information:

Vendor: Mariadb
Status: Mariadb
Vendor: CVE Published:; 14 April 2022

What is CVE-2022-27455?

The MariaDB Server is affected by a use-after-free vulnerability in the my_wildcmp_8bit_impl function located in the ctype-simple.c file. This flaw may allow attackers to execute arbitrary code and compromise the security of the server. Users running versions 10.6.3 and below are particularly at risk and are advised to review their server configurations and apply necessary updates to mitigate potential threats.

References

https://jira.mariadb.org/browse/MDEV-28097

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20220526-0007/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2022
Vulnerability Reserved
Mar 21, 2022

Mariadb

What is CVE-2022-27455?

References

CVSS V3.1

Timeline