CVE-2022-47015

MEDIUM6.5

MariaDB Server before 10

Published Jan 20, 2023

Modified 11 months ago

Details

MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.

References

WEB

https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954

WEB

https://lists.debian.org/debian-lts-announce/2023/06/msg00005.html

ADVISORY

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O22PO3Q6TRSNJI2A2WTJH3VVCHEKBF6C/

ADVISORY

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUQ33SPQCZQD63TWAM3XKFNVNFRGPFYU/

WEB

https://security.netapp.com/advisory/ntap-20230309-0009/

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2022-47015

CVSS Analysis

CVSS v3.1

6.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

6.5/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedJan 20, 2023

ModifiedApr 3, 2025

CVE-2022-47015 | Mondoo Vulnerability Intelligence