Bitnami package

mariadb-min

pkg:bitnami/mariadb-min

Vulnerabilities (103)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-32086	—	>= 10.4.0, < 10.4.25	10.4.25	Jul 1, 2022	MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.
CVE-2022-32085	—	>= 10.2.0, < 10.2.44	10.2.44	Jul 1, 2022	MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.
CVE-2022-32083	—	>= 10.2.0, < 10.2.44	10.2.44	Jul 1, 2022	MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.
CVE-2022-32091	—	>= 10.3.0, < 10.3.36	10.3.36	Jul 1, 2022	MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
CVE-2022-32089	—	>= 10.4.0, < 10.4.26	10.4.26	Jul 1, 2022	MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
CVE-2022-32084	—	>= 10.3.0, < 10.3.36	10.3.36	Jul 1, 2022	MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
CVE-2022-32082	—	>= 10.5.0, < 10.5.17	10.5.17	Jul 1, 2022	MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
CVE-2022-32081	—	>= 10.4.0, < 10.4.26	10.4.26	Jul 1, 2022	MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.
CVE-2022-31624	—	< 10.2.41	10.2.41	May 25, 2022	MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
CVE-2022-31623	—	< 10.2.42	10.2.42	May 25, 2022	MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local us
CVE-2022-31622	—	< 10.2.42	10.2.42	May 25, 2022	MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to
CVE-2022-31621	—	< 10.2.41	10.2.41	May 25, 2022	MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denia
CVE-2022-21451	—	< 10.2.38	10.2.38	Apr 19, 2022	Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi
CVE-2022-21427	—	< 10.2.44	10.2.44	Apr 19, 2022	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
CVE-2022-27457	—	>= 10.4.0, < 10.4.25	10.4.25	Apr 14, 2022	MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.
CVE-2022-27456	—	>= 10.3.0, < 10.3.35	10.3.35	Apr 14, 2022	MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
CVE-2022-27455	—	>= 10.4.0, < 10.4.25	10.4.25	Apr 14, 2022	MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.
CVE-2022-27452	—	>= 10.3.0, < 10.3.35	10.3.35	Apr 14, 2022	MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
CVE-2022-27451	—	>= 10.4.0, < 10.4.25	10.4.25	Apr 14, 2022	MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.
CVE-2022-27449	—	< 10.3.35	10.3.35	Apr 14, 2022	MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.

CVE-2022-32086Jul 1, 2022
affected >= 10.4.0, < 10.4.25fixed 10.4.25
MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.
CVE-2022-32085Jul 1, 2022
affected >= 10.2.0, < 10.2.44fixed 10.2.44
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.
CVE-2022-32083Jul 1, 2022
affected >= 10.2.0, < 10.2.44fixed 10.2.44
MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.
CVE-2022-32091Jul 1, 2022
affected >= 10.3.0, < 10.3.36fixed 10.3.36
MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
CVE-2022-32089Jul 1, 2022
affected >= 10.4.0, < 10.4.26fixed 10.4.26
MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
CVE-2022-32084Jul 1, 2022
affected >= 10.3.0, < 10.3.36fixed 10.3.36
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
CVE-2022-32082Jul 1, 2022
affected >= 10.5.0, < 10.5.17fixed 10.5.17
MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
CVE-2022-32081Jul 1, 2022
affected >= 10.4.0, < 10.4.26fixed 10.4.26
MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.
CVE-2022-31624May 25, 2022
affected < 10.2.41fixed 10.2.41
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
CVE-2022-31623May 25, 2022
affected < 10.2.42fixed 10.2.42
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local us
CVE-2022-31622May 25, 2022
affected < 10.2.42fixed 10.2.42
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to
CVE-2022-31621May 25, 2022
affected < 10.2.41fixed 10.2.41
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denia
CVE-2022-21451Apr 19, 2022
affected < 10.2.38fixed 10.2.38
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi
CVE-2022-21427Apr 19, 2022
affected < 10.2.44fixed 10.2.44
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
CVE-2022-27457Apr 14, 2022
affected >= 10.4.0, < 10.4.25fixed 10.4.25
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.
CVE-2022-27456Apr 14, 2022
affected >= 10.3.0, < 10.3.35fixed 10.3.35
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
CVE-2022-27455Apr 14, 2022
affected >= 10.4.0, < 10.4.25fixed 10.4.25
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.
CVE-2022-27452Apr 14, 2022
affected >= 10.3.0, < 10.3.35fixed 10.3.35
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
CVE-2022-27451Apr 14, 2022
affected >= 10.4.0, < 10.4.25fixed 10.4.25
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.
CVE-2022-27449Apr 14, 2022
affected < 10.3.35fixed 10.3.35
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.

Page 2 of 6