CVE-2022-47015

Description

MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.

How to fix CVE-2022-47015

To remediate CVE-2022-47015, upgrade the affected package to a fixed version below.

• Alpine/mariadb—upgrade to 10.6.13-r0 or later
• —upgrade to 10.3.39 or later
• —upgrade to 10.3.39 or later
• —upgrade to 10.3.39 or later
• —upgrade to 1:10.11.3-1 or later
• —upgrade to 1:10.3.39-0+deb10u1 or later
• —upgrade to 1:10.5.20-0+deb11u1 or later

Is CVE-2022-47015 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (7)

• from 0, < 10.6.13-r0
• >= 10.3.0, < 10.3.39, >= 10.4.0, < 10.4.29, >= 10.5.0, < 10.5.20, >= 10.6.0, < 10.6.13, >= 10.8.0, < 10.8.8, >= 10.9.0, < 10.9.6, >= 10.10.0, < 10.10.4, >= 10.11.0, < 10.11.3
• >= 10.3.0, < 10.3.39, >= 10.4.0, < 10.4.29, >= 10.5.0, < 10.5.20, >= 10.6.0, < 10.6.13, >= 10.8.0, < 10.8.8, >= 10.9.0, < 10.9.6, >= 10.10.0, < 10.10.4, >= 10.11.0, < 10.11.3
• >= 10.3.0, < 10.3.39, >= 10.4.0, < 10.4.29, >= 10.5.0, < 10.5.20, >= 10.6.0, < 10.6.13, >= 10.8.0, < 10.8.8, >= 10.9.0, < 10.9.6, >= 10.10.0, < 10.10.4, >= 10.11.0, < 10.11.3
• from 0, < 1:10.11.3-1
• from 0, < 1:10.3.39-0+deb10u1
• from 0, < 1:10.5.20-0+deb11u1

CVSS scores

References (8)

• ADVISORYsecurity.alpinelinux.org/vuln/CVE-2022-47015
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2022-47015
• WEBgithub.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954
• WEBlists.debian.org/debian-lts-announce/2023/06/msg00005.html