CVE-2020-15180

Published: 5/27/2021 Last updated: 8/4/2024 Reserved: 6/25/2020

A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.

CNA assigner: GitHub_M (a0819718-46f1-4df5-94e2-005712e83aaa) Requested by: n/a

Opam packages affected (2)

conf-mariadb conf-mysql

Products affected (2)

Product	Vendor	Version
mariadb	n/a	< a85bae262ccecc52a40c466ec067f6c915e0839d
mariadb	n/a	22.0 ap358887

References (20)

https://lists.debian.org/debian-lts-announce/2020/10/msg00021.html
https://www.debian.org/security/2020/dsa-4776
https://security.gentoo.org/glsa/202011-14
https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/
https://bugzilla.redhat.com/show_bug.cgi?id=1894919
https://lists.debian.org/debian-lts-announce/2020/10/msg00021.html
https://www.debian.org/security/2020/dsa-4776
https://security.gentoo.org/glsa/202011-14
https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/
https://bugzilla.redhat.com/show_bug.cgi?id=1894919
https://lists.debian.org/debian-lts-announce/2020/10/msg00021.html
https://www.debian.org/security/2020/dsa-4776
https://security.gentoo.org/glsa/202011-14
https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/
https://bugzilla.redhat.com/show_bug.cgi?id=1894919
https://lists.debian.org/debian-lts-announce/2020/10/msg00021.html
https://www.debian.org/security/2020/dsa-4776
https://security.gentoo.org/glsa/202011-14
https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/
https://bugzilla.redhat.com/show_bug.cgi?id=1894919