CVE-2022-27458 - Vulnerability Details

Vendors	Products
Redhat	Enterprise Linux Rhel Software Collections

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
mariadb:10.5-8060020220614163302.ad008a3a	cpe:/a:redhat:enterprise_linux:8	RHSA-2022:5826	2022-08-02T00:00:00Z
mariadb:10.3-8060020220715055054.ad008a3a	cpe:/a:redhat:enterprise_linux:8	RHSA-2022:6443	2022-09-13T00:00:00Z
Red Hat Enterprise Linux 9
mariadb-3:10.5.16-2.el9_0	cpe:/a:redhat:enterprise_linux:9	RHSA-2022:5948	2022-08-09T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-mariadb105-mariadb-3:10.5.16-2.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2022:5759	2022-07-28T00:00:00Z
rh-mariadb103-mariadb-3:10.3.35-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2022:6306	2022-09-01T00:00:00Z

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2022-27458
https://www.cve.org/CVERecord?id=CVE-2022-27458

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "REJECTED", "cveId": "CVE-2022-27458", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-05-01T21:46:11.634970", "dateRejected": "2024-05-01T00:00:00", "dateReserved": "2022-03-21T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-01T21:46:11.634970"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-27447. Reason: This candidate is a reservation duplicate of CVE-2022-27447. Notes: All CVE users should reference CVE-2022-27447 instead of this candidate."}]}}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.0 (string)

cveMetadata : { »

state : REJECTED (string)

cveId : CVE-2022-27458 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

dateUpdated : 2024-05-01T21:46:11.634970 (string)

dateRejected : 2024-05-01T00:00:00 (string)

dateReserved : 2022-03-21T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2024-05-01T21:46:11.634970 (string)

}

rejectedReasons : [ »

0 : { »

lang : en (string)

value : DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-27447. Reason: This candidate is a reservation duplicate of CVE-2022-27447. Notes: All CVE users should reference CVE-2022-27447 instead of this candidate. (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2022:5826", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "mariadb:10.5-8060020220614163302.ad008a3a", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-08-02T00:00:00Z"}, {"advisory": "RHSA-2022:6443", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "mariadb:10.3-8060020220715055054.ad008a3a", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-09-13T00:00:00Z"}, {"advisory": "RHSA-2022:5948", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "mariadb-3:10.5.16-2.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-08-09T00:00:00Z"}, {"advisory": "RHSA-2022:5759", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb105-mariadb-3:10.5.16-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2022-07-28T00:00:00Z"}, {"advisory": "RHSA-2022:6306", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb103-mariadb-3:10.3.35-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2022-09-01T00:00:00Z"}], "bugzilla": {"description": "mariadb: use-after-poison in Binary_string::free_buffer", "id": "2075700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075700"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-617", "details": ["A flaw was found in the MariaDB Server. It contains a use-after-free in the component, Binary_string::free_buffer() at /sql/sql_string.h, affecting availability."], "name": "CVE-2022-27458", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "mariadb", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2020-11-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-27458\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-27458"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2022:5826 (string)

cpe : cpe:/a:redhat:enterprise_linux:8 (string)

package : mariadb:10.5-8060020220614163302.ad008a3a (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2022-08-02T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2022:6443 (string)

cpe : cpe:/a:redhat:enterprise_linux:8 (string)

package : mariadb:10.3-8060020220715055054.ad008a3a (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2022-09-13T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2022:5948 (string)

cpe : cpe:/a:redhat:enterprise_linux:9 (string)

package : mariadb-3:10.5.16-2.el9_0 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2022-08-09T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2022:5759 (string)

cpe : cpe:/a:redhat:rhel_software_collections:3::el7 (string)

package : rh-mariadb105-mariadb-3:10.5.16-2.el7 (string)

product_name : Red Hat Software Collections for Red Hat Enterprise Linux 7 (string)

release_date : 2022-07-28T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2022:6306 (string)

cpe : cpe:/a:redhat:rhel_software_collections:3::el7 (string)

package : rh-mariadb103-mariadb-3:10.3.35-1.el7 (string)

product_name : Red Hat Software Collections for Red Hat Enterprise Linux 7 (string)

release_date : 2022-09-01T00:00:00Z (string)

}

]

bugzilla : { »

description : mariadb: use-after-poison in Binary_string::free_buffer (string)

id : 2075700 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2075700 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 7.5 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

status : verified (string)

}

cwe : CWE-617 (string)

details : [ »

0 : A flaw was found in the MariaDB Server. It contains a use-after-free in the component, Binary_string::free_buffer() at /sql/sql_string.h, affecting availability. (string)

]

name : CVE-2022-27458 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : mariadb (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

1 : { »

cpe : cpe:/a:redhat:openstack:13 (string)

fix_state : Out of support scope (string)

package_name : mariadb (string)

product_name : Red Hat OpenStack Platform 13 (Queens) (string)

}

]

public_date : 2020-11-09T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2022-27458 https://nvd.nist.gov/vuln/detail/CVE-2022-27458 (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object