CVE-2024-27766 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-27766 PUBLISHED CVSS 9.300000190734863 CRITICAL

An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

EPSS 30.15% · 96.6th percentile

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

30.15%

96.6th percentile

Affected Products

Vendor	Product	Versions
Bitnami	mariadb-min	11.1.0
Bitnami	mariadb	11.1.0
Bitnami	mariadb-min	11.1.0, 11.1.0, 11.1.0
Bitnami	mariadb	11.1.0, 11.1.0, 11.1.0
Bitnami	mysql-client	11.1.0, 11.1.0, 11.1.0
Bitnami	mysql-client	11.1.0

Timeline

Oct 17, 2024 CVE Published
Oct 17, 2024 Coalition ESS Score
Oct 18, 2024 EPSS Score
Oct 18, 2024 Coalition ESS Score
Oct 18, 2024 Coalition ESS Score
Oct 20, 2024 CVE Updated
Oct 21, 2024 Coalition ESS Score
Nov 23, 2024 EPSS Score
Dec 12, 2024 EPSS Score
Jan 17, 2025 EPSS Score
Jan 17, 2025 Coalition ESS Score
Feb 4, 2025 EPSS Score

References

Open in Interactive Console →