MariaDB DoS Vulnerability (CVE-2023-22084) - Windows

2023-11-3000:00:00

plugins.openvas.org

mariadb

windows

denial of service

vulnerability

high privileged attacker

network access

version 10.4.32

version 10.5.23

version 10.6.16

version 10.10.7

version 10.11.6

version 11.0.4

version 11.1.3

version 11.2.2

cve-2023-22084

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.1%

JSON

MariaDB is prone to a denial of service (DoS) vulnerability.

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:mariadb:mariadb";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.114199");
  script_version("2023-12-01T05:05:39+0000");
  script_tag(name:"last_modification", value:"2023-12-01 05:05:39 +0000 (Fri, 01 Dec 2023)");
  script_tag(name:"creation_date", value:"2023-11-30 15:35:30 +0000 (Thu, 30 Nov 2023)");
  script_tag(name:"cvss_base", value:"6.1");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:M/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-10-18 01:28:00 +0000 (Wed, 18 Oct 2023)");

  script_cve_id("CVE-2023-22084");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("MariaDB DoS Vulnerability (CVE-2023-22084) - Windows");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Databases");
  script_dependencies("mysql_version.nasl", "os_detection.nasl");
  script_mandatory_keys("MariaDB/installed", "Host/runs_windows");

  script_tag(name:"summary", value:"MariaDB is prone to a denial of service (DoS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Easily exploitable vulnerability allows high privileged attacker
  with network access via multiple protocols to compromise the MariaDB Server.");

  script_tag(name:"impact", value:"Successful attacks of this vulnerability can result in
  unauthorized ability to cause a hang or frequently repeatable crash (complete DoS).");

  script_tag(name:"affected", value:"MariaDB versions prior to 10.4.32, 10.5.x prior to 10.5.23,
  10.6.x prior to 10.6.16, starting from 10.7.0 and prior to 10.10.7, 10.11.x prior to 10.11.6,
  11.0.x prior to 11.0.4, 11.1.x prior to 11.1.3 amd 11.2.x prior to 11.2.2.");

  script_tag(name:"solution", value:"Update to version 10.4.32, 10.5.23, 10.6.16, 10.10.7, 10.11.6,
  11.0.4, 11.1.3, 11.2.2 or later.");

  script_xref(name:"URL", value:"https://mariadb.com/kb/en/security/#full-list-of-cves-fixed-in-mariadb");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!version = get_app_version(cpe: CPE, port: port))
  exit(0);

if (version_is_less(version: version, test_version: "10.4.32")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "10.4.32");
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "10.5.0", test_version_up: "10.5.23")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "10.5.23");
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "10.6.0", test_version_up: "10.6.16")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "10.6.16");
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "10.7.0", test_version_up: "10.10.7")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "10.10.7");
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "10.11.0", test_version_up: "10.11.6")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "10.11.6");
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "11.0.0", test_version_up: "11.0.4")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "11.0.4");
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "11.1.0", test_version_up: "11.1.3")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "11.1.3");
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "11.2.0", test_version_up: "11.2.2")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "11.2.2");
  security_message(port: port, data: report);
  exit(0);
}

exit(99);