Bug 2163609 (CVE-2022-47015)

Summary: CVE-2022-47015 mariadb: NULL pointer dereference in spider_db_mbase::print_warnings()
Product: [Other] Security Response Reporter: TEJ RATHI <trathi>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bdettelb, databases-maint, dciabrin, eglynn, hhorak, jburrell, jjoyce, jorton, lhh, ljavorsk, mbayer, mburns, mcascell, mgarciac, mschorm, spower
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: mariadb 10.11.3, mariadb 10.10.4, mariadb 10.9.6, mariadb 10.8.8, mariadb 10.6.13, mariadb 10.5.20, mariadb 10.4.29, mariadb 10.3.39 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2164948, 2164949, 2164950, 2164951, 2164952, 2164953, 2173009, 2173010, 2173011, 2173012, 2173013, 2223965    
Bug Blocks: 2163512    

Description TEJ RATHI 2023-01-24 04:32:13 UTC 
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.

https://jira.mariadb.org/browse/MDEV-29644
https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954
Comment 2 TEJ RATHI 2023-01-27 05:35:57 UTC 
Created mariadb tracking bugs for this issue:

Affects: fedora-all [bug 2164948]


Created mariadb:10.5/mariadb tracking bugs for this issue:

Affects: fedora-all [bug 2164949]


Created mariadb:10.6/mariadb tracking bugs for this issue:

Affects: fedora-all [bug 2164950]


Created mariadb:10.7/mariadb tracking bugs for this issue:

Affects: fedora-all [bug 2164951]


Created mariadb:10.8/mariadb tracking bugs for this issue:

Affects: fedora-all [bug 2164952]


Created mariadb:10.9/mariadb tracking bugs for this issue:

Affects: fedora-all [bug 2164953]
Comment 5 errata-xmlrpc 2023-09-19 14:35:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5259 https://access.redhat.com/errata/RHSA-2023:5259
Comment 6 errata-xmlrpc 2023-10-12 13:19:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5684 https://access.redhat.com/errata/RHSA-2023:5684
Comment 7 errata-xmlrpc 2023-10-12 13:25:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5683 https://access.redhat.com/errata/RHSA-2023:5683
Comment 8 errata-xmlrpc 2023-12-04 09:53:38 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2023:7633 https://access.redhat.com/errata/RHSA-2023:7633