7.5

CVE-2022-27448

Exploit
There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MariadbMariadb Version >= 10.3.0 < 10.3.35
MariadbMariadb Version >= 10.4.0 < 10.4.25
MariadbMariadb Version >= 10.5.0 < 10.5.16
MariadbMariadb Version >= 10.6.0 < 10.6.8
MariadbMariadb Version >= 10.7.0 < 10.7.4
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.15% 0.799
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20220526-0006/
Third Party Advisory
https://jira.mariadb.org/browse/MDEV-28095
Patch
Third Party Advisory
Exploit
Issue Tracking