Unrated severityNVD Advisory· Published May 25, 2022· Updated Aug 3, 2024

CVE-2022-31624

Description

MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

Affected products

MariaDB/MariaDB Serverdescription
osv-coords3 versions
pkg:bitnami/mariadb pkg:bitnami/mariadb-min pkg:bitnami/mysql-client
< 10.2.41+ 2 more
- (no CPE)range: < 10.2.41
- (no CPE)range: < 10.2.41
- (no CPE)range: < 10.2.41

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/MariaDB/server/commit/d627d00b13ab2f2c0954ea7b77202470cb102944mitrex_refsource_MISC
jira.mariadb.org/browse/MDEV-26556mitrex_refsource_MISC
security.netapp.com/advisory/ntap-20220707-0006/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000