MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. https://jira.mariadb.org/browse/MDEV-26422
MDEV-26422 is duplicated by MDEV-25317: https://jira.mariadb.org/browse/MDEV-25317. Upstream commit: https://github.com/MariaDB/server/commit/eca207c46293bc72dd8d0d5622153fab4d3fccf1
Created mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090831]
Created mariadb:10.5/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090832]
Created mariadb:10.3/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090833]
Created mariadb:10.4/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090834]
Created mariadb:10.6/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090839]
Created mariadb:10.7/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090845]
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:5759 https://access.redhat.com/errata/RHSA-2022:5759
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5826 https://access.redhat.com/errata/RHSA-2022:5826
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5948 https://access.redhat.com/errata/RHSA-2022:5948
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:6306 https://access.redhat.com/errata/RHSA-2022:6306
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6443 https://access.redhat.com/errata/RHSA-2022:6443
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-27387