An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. https://jira.mariadb.org/browse/MDEV-26280
Upstream commit: https://github.com/MariaDB/server/commit/3c209bfc040ddfc41ece8357d772547432353fd2
Created mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090831]
Created mariadb:10.5/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090832]
Created mariadb:10.3/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090833]
Created mariadb:10.4/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090834]
Created mariadb:10.6/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090839]
Created mariadb:10.7/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090845]
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:5759 https://access.redhat.com/errata/RHSA-2022:5759
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5826 https://access.redhat.com/errata/RHSA-2022:5826
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5948 https://access.redhat.com/errata/RHSA-2022:5948
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:6306 https://access.redhat.com/errata/RHSA-2022:6306
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6443 https://access.redhat.com/errata/RHSA-2022:6443
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-27380