Use-After-Free Vulnerability in MariaDB Server from MariaDB
CVE-2022-27457

7.5HIGH

Key Information:

Vendor: Mariadb
Status: Mariadb
Vendor: CVE Published:; 14 April 2022

What is CVE-2022-27457?

The MariaDB Server, specifically versions v10.6.3 and below, is affected by a use-after-free vulnerability in the my_mb_wc_latin1 component located at /strings/ctype-latin1.c. This flaw may allow attackers to exploit memory management issues, potentially leading to application crashes or other unintended behaviors. It's crucial for users and administrators running affected versions to evaluate their systems and apply appropriate patches to ensure database integrity and security.

References

https://jira.mariadb.org/browse/MDEV-28098

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20220526-0007/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2022
Vulnerability Reserved
Mar 21, 2022

Mariadb

What is CVE-2022-27457?

References

CVSS V3.1

Timeline