Bug 2068211 (CVE-2022-24052) - CVE-2022-24052 mariadb: CONNECT storage engine heap-based buffer overflow
Summary: CVE-2022-24052 mariadb: CONNECT storage engine heap-based buffer overflow
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-24052
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2055709 2068213 2068214 2068215 2068216 2068217 2068218 2068219 2068220 2068221 2068222 2068223 2068224 2068225 2068226 2068227 2068228 2078334 2090650 2090651 2095292 2096273 2101781 2107051 2107053 2107058
Blocks: 2068210
Reported: 2022-03-24 17:26 UTC by Todd Cullum
Modified: 2022-11-25 20:28 UTC

Fixed In Version: mariadb 10.8.1, mariadb 10.7.2, mariadb 10.6.6, mariadb 10.5.14, mariadb 10.4.23, mariadb 10.3.33, mariadb 10.2.42
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in MariaDB. Lack of input validation leads to a heap buffer overflow. This flaw allows an authenticated, local attacker with at least a low level of privileges to submit a crafted SQL query to MariaDB and escalate their privileges to the level of the MariaDB service user, running arbitrary code.
Clone Of:
Environment:
Last Closed: 2022-11-25 20:28:14 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:5759 0 None None None 2022-07-28 16:05:52 UTC
Red Hat Product Errata RHSA-2022:5826 0 None None None 2022-08-02 10:10:04 UTC
Red Hat Product Errata RHSA-2022:5948 0 None None None 2022-08-09 12:24:27 UTC
Red Hat Product Errata RHSA-2022:6306 0 None None None 2022-09-01 14:18:13 UTC
Red Hat Product Errata RHSA-2022:6443 0 None None None 2022-09-13 09:42:02 UTC

Description Todd Cullum 2022-03-24 17:26:25 UTC
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account.

References:
https://mariadb.com/kb/en/security/
https://www.zerodayinitiative.com/advisories/ZDI-22-367/
https://security.netapp.com/advisory/ntap-20220318-0004/
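
Added example (not part of the original bug report or of MariaDB's code): a triage helper that compares a server's reported version against the "Fixed In Version" values listed on this bug and checks whether the CONNECT plugin is active. The function names, the sample version strings and the plugin rows are constructed for illustration; the version comparison assumes upstream MariaDB version numbering.

```python
import re

# "Fixed In Version" values from this bug record, keyed by release series.
FIXED_IN = {
    (10, 2): (10, 2, 42),
    (10, 3): (10, 3, 33),
    (10, 4): (10, 4, 23),
    (10, 5): (10, 5, 14),
    (10, 6): (10, 6, 6),
    (10, 7): (10, 7, 2),
    (10, 8): (10, 8, 1),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)-MariaDB", re.IGNORECASE)


def parse_mariadb_version(text):
    """Extract (major, minor, patch) from SELECT VERSION() or `mariadb --version` output."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no MariaDB version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def cve_2022_24052_status(version_text):
    """Return 'fixed', 'unfixed', or 'unknown' (series not listed on this bug)."""
    version = parse_mariadb_version(version_text)
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        return "unknown"
    # Tuple comparison is numeric, so 10.6.10 correctly sorts after 10.6.6.
    return "fixed" if version >= fixed else "unfixed"


def connect_engine_loaded(plugin_rows):
    """plugin_rows: (PLUGIN_NAME, PLUGIN_STATUS) pairs from information_schema.PLUGINS."""
    return any(name.upper() == "CONNECT" and status.upper() == "ACTIVE"
               for name, status in plugin_rows)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host.
    samples = ["10.5.13-MariaDB-1:10.5.13+maria~focal",
               "mariadb  Ver 15.1 Distrib 10.6.10-MariaDB, for Linux (x86_64)"]
    plugins = [("InnoDB", "ACTIVE"), ("CONNECT", "ACTIVE")]
    for s in samples:
        print(s, "->", cve_2022_24052_status(s),
              "| CONNECT active:", connect_engine_loaded(plugins))
```

Distribution packages can carry backported fixes under a version number that does not match the upstream series, so on Red Hat products the errata listed on this bug are the authoritative check.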

Comment 2 Todd Cullum 2022-03-24 17:31:44 UTC
Created mariadb tracking bugs for this issue:

Affects: fedora-34 [bug 2068213]
Affects: fedora-35 [bug 2068223]


Created mariadb:10.3/mariadb tracking bugs for this issue:

Affects: fedora-34 [bug 2068214]
Affects: fedora-35 [bug 2068224]


Created mariadb:10.4/mariadb tracking bugs for this issue:

Affects: fedora-34 [bug 2068215]
Affects: fedora-35 [bug 2068225]


Created mariadb:10.5/mariadb tracking bugs for this issue:

Affects: fedora-34 [bug 2068218]
Affects: fedora-35 [bug 2068226]


Created mariadb:10.6/mariadb tracking bugs for this issue:

Affects: fedora-34 [bug 2068221]
Affects: fedora-35 [bug 2068227]


Created mariadb:10.7/mariadb tracking bugs for this issue:

Affects: fedora-34 [bug 2068222]
Affects: fedora-35 [bug 2068228]

Comment 4 errata-xmlrpc 2022-07-28 16:05:49 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2022:5759 https://access.redhat.com/errata/RHSA-2022:5759

Comment 5 errata-xmlrpc 2022-08-02 10:10:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5826 https://access.redhat.com/errata/RHSA-2022:5826

Comment 6 errata-xmlrpc 2022-08-09 12:24:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:5948 https://access.redhat.com/errata/RHSA-2022:5948

Comment 7 errata-xmlrpc 2022-09-01 14:18:10 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2022:6306 https://access.redhat.com/errata/RHSA-2022:6306

Comment 8 errata-xmlrpc 2022-09-13 09:41:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:6443 https://access.redhat.com/errata/RHSA-2022:6443

Comment 10 Product Security DevOps Team 2022-11-25 20:28:11 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-24052

