Launchpad CVE tracker

CVE 2022-27384

An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Related bugs and status

CVE-2022-27384 (Candidate) is related to these bugs:

Bug #1996452: CVE-2022-32091 et al affect MariaDB in Ubuntu

		In	Importance	Status
1996452	CVE-2022-32091 et al affect MariaDB in Ubuntu	mariadb-10.3 (Ubuntu)	Undecided	Fix Released
1996452	CVE-2022-32091 et al affect MariaDB in Ubuntu	mariadb-10.6 (Ubuntu)	Undecided	Fix Released
1996452	CVE-2022-32091 et al affect MariaDB in Ubuntu	mariadb-10.6 (Ubuntu Jammy)	Undecided	Fix Released
1996452	CVE-2022-32091 et al affect MariaDB in Ubuntu	mariadb-10.6 (Ubuntu Kinetic)	Undecided	Fix Released

Bug #2002281: [Debian] CVE: CVE-2021-46669/CVE-2022-27376/CVE-2022-27377...CVE-2022-32089/CVE-2022-32091: mariadb: multiple CVEs

Summary				In	Importance	Status
	2002281	[Debian] CVE: CVE-2021-46669/CVE-2022-27376/CVE-2022-27377...CVE-2022-32089/CVE-2022-32091: mariadb: multiple CVEs		StarlingX	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2022-27384

References