ALAS2023-2023-155 --- mariadb105
ID: oval:org.secpod.oval:def:19500024 | Date: (C)2023-06-12 (M)2024-02-26 |
Class: PATCH | Family: unix |
MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. MariaDB Server before 10.3.34 through 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.
Platform: |
Amazon Linux 2023 |