CVE-2022-31026

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-31026
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31026.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31026
Aliases
Published
2022-06-06T21:05:14Z
Modified
2025-10-21T02:34:54Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Use of Uninitialized Variable in trilogy
Details

Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1. This issue can be avoided by only connecting to trusted servers.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_versions

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "2.1.1"
            }
        ],
        "type": ""
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31026.json"