CVE-2022-27380

medium

Published 2022-08-09 · Modified 2022-09-13

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

5.5

Description

RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate)

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description mariadb: server crash at my_decimal::operator= CVSS v3: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8mariadb:10.5-8060020220614163302.ad008a3aRHSA-2022:58262022-08-02T00:00:00Z Red Hat Enterprise Linux 8mariadb:10.3-8060020220715055054.ad008a3aRHSA-2022:64432022-09-13T00:00:00Z Red Hat Enterprise…

Description

mariadb: server crash at my_decimal::operator=

CVSS v3: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 8	`mariadb:10.5-8060020220614163302.ad008a3a`	RHSA-2022:5826	2022-08-02T00:00:00Z
Red Hat Enterprise Linux 8	`mariadb:10.3-8060020220715055054.ad008a3a`	RHSA-2022:6443	2022-09-13T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	`mariadb:10.5-8040020231006044227.522a0ee4`	RHSA-2023:6821	2023-11-08T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service	`mariadb:10.5-8040020231006044227.522a0ee4`	RHSA-2023:6821	2023-11-08T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	`mariadb:10.5-8040020231006044227.522a0ee4`	RHSA-2023:6821	2023-11-08T00:00:00Z
Red Hat Enterprise Linux 9	`mariadb-3:10.5.16-2.el9_0`	RHSA-2022:5948	2022-08-09T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7	`rh-mariadb105-mariadb-3:10.5.16-2.el7`	RHSA-2022:5759	2022-07-28T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7	`rh-mariadb103-mariadb-3:10.3.35-1.el7`	RHSA-2022:6306	2022-09-01T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 7	`mariadb`	Out of support scope
Red Hat OpenStack Platform 13 (Queens)	`mariadb`	Out of support scope

Apply commands

bash fix

Apply RHSA-2022:5826 for Red Hat Enterprise Linux 8

yum update -y mariadb:10
# or:
dnf upgrade -y mariadb:10

OS impact

OS	Version	Status	Fixed in
rhel	9	fixed
sles		affected
rocky	8	fixed
rocky	9	fixed
debian	bullseye	fixed	`1:10.5.18-0+deb11u1`
almalinux	9	fixed	`mariadb-devel-10.5.16-2.el9_0.aarch64.rpm`
rhel	8	fixed

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.