CVE-2022-31026

Source
https://cve.org/CVERecord?id=CVE-2022-31026
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31026.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31026
Aliases
Published
2022-06-06T21:05:14Z
Modified
2026-07-08T06:01:44.842551599Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Use of Uninitialized Variable in trilogy
Details

Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "2.1.1"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31026.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-908"
    ]
}
References

Affected packages

Git / github.com/trilogy-libraries/trilogy

Affected ranges

Type
GIT
Repo
https://github.com/trilogy-libraries/trilogy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

2.*
2.0.0
v2.*
v2.1.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31026.json"