Aug 16, 2022 - 6:45 a.m.

Security Bulletin: CVE-2022-27452

2022-08-16 06:45:52
www.ibm.com
Tags: mariadb, segmentation fault, version 10.9, version 10.5.16, fix, powervc, cve-2022-27452

CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low
Percentile: 47.0%

Summary

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. The fix is backported in 10.5.16.

Vulnerability Details

CVEID: CVE-2022-27452
**DESCRIPTION:** MariaDB Server is vulnerable to a denial of service, caused by a flaw in the component sql/item_cmpfunc.cc. By sending specially crafted SQL statements, a remote attacker could exploit this vulnerability to cause a segmentation fault, resulting in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/224347 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| PowerVC | 2.0.2.1 |
| PowerVC | 2.0.3 |

Remediation/Fixes

| Affected Product(s) | Version(s) | Fix |
|---|---|---|
| PowerVC | 2.0.2.1 | https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/PowerVC&release=2.0.2.1&platform=All&function=fixId&fixids=2.0.2.1-PowerVC-RHEL-SLES-APAR-IT41540&includeRequisites=1&includeSupersedes=0&downloadMethod=http |
| PowerVC | 2.0.3 | https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/PowerVC&release=2.0.3&platform=All&function=fixId&fixids=2.0.3-PowerVC-RHEL-SLES-NOARCH-APAR-IT41540&includeRequisites=0&includeSupersedes=0&downloadMethod=http&login=true |

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibm powervc Match 2.0.2.1 standard
OR
ibm powervc Match 2.0.3 standard

CPE
| Name | Operator | Version |
|---|---|---|
| powervc | eq | 2.0.2.1 |
| powervc | eq | 2.0.3 |
