CVE-2022-31621

Published: 25 May 2022

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
mariadb-10.0 Launchpad, Ubuntu, Debian	upstream	Needs triage
mariadb-10.1 Launchpad, Ubuntu, Debian	bionic	Needs triage
mariadb-10.1 Launchpad, Ubuntu, Debian	upstream	Needs triage
mariadb-10.3 Launchpad, Ubuntu, Debian	focal	Needs triage
mariadb-10.3 Launchpad, Ubuntu, Debian	upstream	Needs triage
mariadb-10.5 Launchpad, Ubuntu, Debian	impish	Needs triage
mariadb-10.5 Launchpad, Ubuntu, Debian	upstream	Needs triage
mariadb-10.6 Launchpad, Ubuntu, Debian	jammy	Needs triage
mariadb-10.6 Launchpad, Ubuntu, Debian	upstream	Needs triage
mariadb-5.5 Launchpad, Ubuntu, Debian	upstream	Needs triage

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2022-31621

Medium

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading