CVE-2022-31623

Name
CVE-2022-31623
Description
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/MariaDB/server/pull/1938
MISC https://github.com/MariaDB/server/commit/7c30bc38a588b22b01f11130cfe99e7f36accf94
Third Party Advisory https://security.netapp.com/advisory/ntap-20220707-0006/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* mariadb >= None < 10.7.0
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* mariadb >= 10.3.0 < 10.3.33
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* mariadb >= 10.4.0 < 10.4.23
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* mariadb >= 10.5.0 < 10.5.14
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* mariadb >= 10.7.0 < 10.7.2
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* mariadb >= 10.6.0 < 10.6.6
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* mariadb >= None < 10.2.42

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
mariadb 3.13-main 10.5.17-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
mariadb 3.14-main 10.5.19-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
mariadb 3.17-main 10.6.14-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
mariadb 3.16-main 10.6.14-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
mariadb 3.15-main 10.6.14-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable