CVE-2022-31621

Published: 5/25/2022 Last updated: 10/30/2024 Reserved: 5/25/2022

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	5.3	Medium	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Opam packages affected (2)

conf-mariadb conf-mysql

Products affected (1)

Product	Vendor	Version
n/a	n/a	n/a

References (10)

https://github.com/MariaDB/server/commit/b1351c15946349f9daa7e5297fb2ac6f3139e4a8
https://jira.mariadb.org/browse/MDEV-26574?filter=-2
https://security.netapp.com/advisory/ntap-20220707-0006/
https://jira.mariadb.org/browse/MDEV-26574
https://jira.mariadb.org/browse/MDEV-26561
https://github.com/MariaDB/server/commit/b1351c15946349f9daa7e5297fb2ac6f3139e4a8
https://jira.mariadb.org/browse/MDEV-26574?filter=-2
https://security.netapp.com/advisory/ntap-20220707-0006/
https://jira.mariadb.org/browse/MDEV-26574
https://jira.mariadb.org/browse/MDEV-26561