CVE-2022-47015

MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spiderdbmbase::print_warnings to dereference a null pointer.

References

Affected packages

Git / github.com/mariadb/server

Affected ranges

Type: GIT
Repo: https://github.com/mariadb/server
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0bb31039f54bd6a0dc8f0fc7d40e6b58a51998b0

Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2668d596d1b4da99206146e4a2a25fc2d5dabeff

Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

34762401297a98114cac7c02f664f52ccf20f809

Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

91b31ce43d0ec213998fd79d5648da965fb1f2fc

Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

be0a46b3d52b58956fd0d47d040b9f4514406954

Introduced

1a647b700f6b72dc97211510a5d0c647d5d3d911

Fixed

a24f2bb50ba4a0dd4127455f7fcdfed584937f36

Introduced

20ae591abd0bfe1bfaee546989ee163f4ef832b1

Fixed

ca001cf2048f0152689e1895e2dc15486dd0b1af

Introduced

7c7f9bef28aa566557da31402142f6dd8298ddd2

Fixed

b735ca47738a1d2e995a429f40afd620eb7d8843

Introduced

c761b43451d54eeeecdf3c102906fcce88d4e9d9

Fixed

2594da7a33580bf03590502a011679c878487d0c

Affected versions

mariadb-10.*

mariadb-10.10.1

mariadb-10.10.2

mariadb-10.10.2-release

mariadb-10.10.3

mariadb-10.10.4

mariadb-10.11.1

mariadb-10.11.2

mariadb-10.2.38

mariadb-10.2.39

mariadb-10.2.40

mariadb-10.2.41

mariadb-10.2.42

mariadb-10.2.43

mariadb-10.3.29

mariadb-10.3.30

mariadb-10.3.31

mariadb-10.3.32

mariadb-10.3.33

mariadb-10.3.34

mariadb-10.3.35

mariadb-10.3.36

mariadb-10.3.37

mariadb-10.3.38

mariadb-10.3.39

mariadb-10.4.19

mariadb-10.4.20

mariadb-10.4.21

mariadb-10.4.22

mariadb-10.4.23

mariadb-10.4.24

mariadb-10.4.25

mariadb-10.4.26

mariadb-10.4.27

mariadb-10.4.28

mariadb-10.4.29

mariadb-10.5.10

mariadb-10.5.11

mariadb-10.5.12

mariadb-10.5.13

mariadb-10.5.14

mariadb-10.5.15

mariadb-10.5.16

mariadb-10.5.17

mariadb-10.5.18

mariadb-10.5.19

mariadb-10.5.20

mariadb-10.6.0

mariadb-10.6.1

mariadb-10.6.10

mariadb-10.6.11

mariadb-10.6.12

mariadb-10.6.13

mariadb-10.6.2

mariadb-10.6.3

mariadb-10.6.4

mariadb-10.6.5

mariadb-10.6.6

mariadb-10.6.7

mariadb-10.6.8

mariadb-10.6.9

mariadb-10.7.1

mariadb-10.7.2

mariadb-10.7.3

mariadb-10.7.4

mariadb-10.7.5

mariadb-10.7.6

mariadb-10.7.7

mariadb-10.7.8

mariadb-10.8.1

mariadb-10.8.2

mariadb-10.8.3

mariadb-10.8.4

mariadb-10.8.5

mariadb-10.8.6

mariadb-10.8.7

mariadb-10.8.8

mariadb-10.9.1

mariadb-10.9.2

mariadb-10.9.3

mariadb-10.9.4

mariadb-10.9.5

mariadb-10.9.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-47015.json"

vanir_signatures

[
    {
        "id": "CVE-2022-47015-15e19535",
        "target": {
            "file": "sql/field.cc"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/mariadb/server/commit/a24f2bb50ba4a0dd4127455f7fcdfed584937f36",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "312658079401165488443406098196212865955",
                "73084194139858368013323960861700526506",
                "45551148580383206693784356496162843061",
                "297511518443520928247864669446720922934"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2022-47015-2623312f",
        "target": {
            "file": "storage/spider/spd_db_mysql.h"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/mariadb/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "262183601554466879303542139680097441797",
                "219460772531774330687168802094553720875",
                "180516640286265012657797429331672688277",
                "259411688451775829275281600708079025690",
                "308105200068685041030647761518518488227",
                "336043570082798588763913224876227651988"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2022-47015-5d09b33c",
        "target": {
            "function": "check_join_cache_usage",
            "file": "sql/sql_select.cc"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/mariadb/server/commit/2594da7a33580bf03590502a011679c878487d0c",
        "digest": {
            "function_hash": "29620726882374727492994359726732491059",
            "length": 4411.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2022-47015-64f1ddce",
        "target": {
            "function": "spider_db_mbase::print_warnings",
            "file": "storage/spider/spd_db_mysql.cc"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/mariadb/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954",
        "digest": {
            "function_hash": "80176887243444836381511454193797483904",
            "length": 1295.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2022-47015-d28cfc2b",
        "target": {
            "file": "sql/sql_select.cc"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/mariadb/server/commit/2594da7a33580bf03590502a011679c878487d0c",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "118189557732478373997286318020867696164",
                "155889006750705725047854074464264916337",
                "315138518959075738840878797839293231705",
                "126636845567606737288470163038273948620"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2022-47015-d8b1c05f",
        "target": {
            "file": "storage/spider/spd_db_mysql.cc"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/mariadb/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "254192567725623803008452046725777241988",
                "319507803863195792634278904037447303399",
                "141002786193143967955474157894371433373",
                "119698504016579500124273537942971179329",
                "41758622846282241057034844141729027389",
                "127046117630619674679145162654344087429",
                "9827524947422186008714606351842408991",
                "274357843765213334694652004279443393436",
                "251544921041534108193378618204000635506",
                "310310547847029634194500366985806513914",
                "102620932679455695300785552023806141463",
                "19177429045017051514589764559449097045",
                "30588458219454501670215019527577346619",
                "33872012908832064410468094426380856177",
                "157491852238909173588842361506269237735",
                "64362370982600800860058898856162873790",
                "44627775822241874809299137942637227990",
                "333972606457052682051807701440943671070",
                "314456323943297073334398128115641035994",
                "321583308976869202719675587584703687069",
                "128568161881214676930310378739565848615",
                "294303660624473172930612006348318247644",
                "322793817747552194949793229423212508916",
                "282910123905560167444252760160972945736",
                "116477730958547172637296691568680526459",
                "229723689330028387258787286753565275667",
                "32778791601020353828709323938623316392",
                "115946028600914397510074276633458560214",
                "193359386311141179742161875535107239682",
                "212328063663317545379023527414554797706",
                "119669661319323164289397667201505969238",
                "42005863716333758012841701291591401371",
                "220581082277654824416299837255868258588",
                "85164737961231038176058362241457429460",
                "194600565738041931503434215635297631942",
                "146393969496086621022703112500570395094",
                "34445869217857271487296990409456660560",
                "211992086002784646900754793609472939129",
                "269300072214606178217833324854666063346",
                "15109365170121484699198531554468426183",
                "114580640541125972156482976944330118628",
                "310539122930817265597320394720389033609",
                "172775085809817710686714269581698627710",
                "80739628491450587265267284322246220853",
                "152952074923147889705102893579827824474",
                "32775386887145961760668566212779757486",
                "20383471864065409997022935345527068410",
                "287019998809978238663923589986652918097",
                "105335829427684995434900375402824007037",
                "34407834833397897341595044210852560882",
                "226535631213177732171495805933097074049",
                "310038883619155113932846514889570753779",
                "309788940498478262889396841027022211380",
                "37443091159032879033940282057976618582",
                "147497497876416170177139118820927156099",
                "12006693355803981830882143522105480378",
                "100821305716773024938637942878776333387",
                "132381839429590287231718327283535754919",
                "211899479910430766449293520818908135613",
                "247506021959958802282277195862875121216",
                "86783724728335647922456817887706627868"
            ]
        },
        "signature_type": "Line"
    }
]