CVE-2022-31621 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-31621 PUBLISHED CVSS 6.900000095367432 MEDIUM

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.

EPSS 0.03% · 9.5th percentile

Risk Scores

CVSS v4.0

6.900000095367432

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.03%

9.5th percentile

Affected Products

Vendor	Product	Versions
Bitnami	mariadb	0, 10.3.0, 10.4.0
Bitnami	mariadb-min	0, 10.3.0, 10.4.0
Bitnami	mysql-client	10.6.0, 0, 10.3.0
Bitnami	mariadb	10.6.0, 10.6.0, 0
Bitnami	mariadb-min	10.6.0, 10.5.0, 10.4.0
Bitnami	mysql-client	10.6.0, 10.5.0, 10.4.0

Timeline

May 25, 2022 CVE Published
May 26, 2022 EPSS Score
Jul 13, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Oct 19, 2022 EPSS Score
Dec 6, 2022 EPSS Score
Jan 23, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 12, 2023 EPSS Score
Apr 29, 2023 EPSS Score
Jun 16, 2023 EPSS Score
Aug 4, 2023 EPSS Score

References

Open in Interactive Console →