CVE-2022-24048

Public on 2022-02-18
Modified on 2023-06-10
Description

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.

Severity
Medium
See what this means
CVSS v3 Base Score
7.8
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 mariadb 2023-08-21 21:00 ALAS2MARIADB10.5-2023-003
Amazon Linux 2023 mariadb105 2023-02-17 20:44 ALAS2023-2023-037

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv2 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P
NVD CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H