MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. https://jira.mariadb.org/browse/MDEV-26323
Upstream commit: https://github.com/MariaDB/server/commit/c05fd700970ad45735caed3a6f9930d4ce19a3bd
Created mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090831]
Created mariadb:10.5/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090832]
Created mariadb:10.3/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090833]
Created mariadb:10.4/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090834]
Created mariadb:10.6/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090839]
Created mariadb:10.7/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090845]
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:5759 https://access.redhat.com/errata/RHSA-2022:5759
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5826 https://access.redhat.com/errata/RHSA-2022:5826
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5948 https://access.redhat.com/errata/RHSA-2022:5948
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:6306 https://access.redhat.com/errata/RHSA-2022:6306
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6443 https://access.redhat.com/errata/RHSA-2022:6443
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-27383