CVE-2022-32081
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
01/07/2022
Last modified:
07/11/2023
Description
MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* | 10.4.0 (including) | 10.4.26 (excluding) |
| cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* | 10.5.0 (including) | 10.5.17 (excluding) |
| cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* | 10.6.0 (including) | 10.6.9 (excluding) |
| cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* | 10.7.0 (including) | 10.7.5 (excluding) |
| cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* | 10.8.0 (including) | 10.8.4 (excluding) |
| cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* | 10.9.0 (including) | 10.9.2 (excluding) |
| cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://jira.mariadb.org/browse/MDEV-26420
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCOEGSVMIEXDZHBOSV6WVF7FAVRBR2JE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVAONAZXJFGHAJ4RP2OF3EAMQCOTDSQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHISY4YVO4S5QJYYIXCIAXBM7INOL4VY/
- https://security.netapp.com/advisory/ntap-20220818-0005/