Lucene search

[email protected]CVE-2022-38791

HistoryAug 27, 2022 - 8:15 p.m.

CVE-2022-38791

2022-08-2720:15:08

CWE-667

[email protected]

web.nvd.nist.gov

113

mariadb

cve-2022-38791

compress_write

ds_compress.cc

deadlock vulnerability

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.

Affected configurations

NVD

Node

mariadbmariadbRange10.3.0–10.3.36

mariadbmariadbRange10.4.0–10.4.26

mariadbmariadbRange10.5.0–10.5.17

mariadbmariadbRange10.6.0–10.6.9

mariadbmariadbRange10.7.0–10.7.5

mariadbmariadbRange10.8.0–10.8.4

mariadbmariadbMatch10.9.1

Node

fedoraprojectfedoraMatch35

fedoraprojectfedoraMatch36

fedoraprojectfedoraMatch37

CPENameOperatorVersion
mariadb:mariadbmariadblt10.3.36
mariadb:mariadbmariadblt10.4.26
mariadb:mariadbmariadblt10.5.17
mariadb:mariadbmariadblt10.6.9
mariadb:mariadbmariadblt10.7.5
mariadb:mariadbmariadblt10.8.4
mariadb:mariadbmariadbeq10.9.1

CPE	Name	Operator	Version
mariadb:mariadb	mariadb	lt	10.3.36
mariadb:mariadb	mariadb	lt	10.4.26
mariadb:mariadb	mariadb	lt	10.5.17
mariadb:mariadb	mariadb	lt	10.6.9
mariadb:mariadb	mariadb	lt	10.7.5
mariadb:mariadb	mariadb	lt	10.8.4
mariadb:mariadb	mariadb	eq	10.9.1