Launchpad CVE tracker

CVE 2022-27377

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.

Related bugs and status

CVE-2022-27377 (Candidate) is related to these bugs:

Bug #1979728: mariadb/galera crash in Wallaby

Summary				In	Importance	Status
	1979728	mariadb/galera crash in Wallaby		OpenStack-Ansible	Undecided	Fix Released

Bug #1996452: CVE-2022-32091 et al affect MariaDB in Ubuntu

		In	Importance	Status
1996452	CVE-2022-32091 et al affect MariaDB in Ubuntu	mariadb-10.3 (Ubuntu)	Undecided	Fix Released
1996452	CVE-2022-32091 et al affect MariaDB in Ubuntu	mariadb-10.6 (Ubuntu)	Undecided	Fix Released
1996452	CVE-2022-32091 et al affect MariaDB in Ubuntu	mariadb-10.6 (Ubuntu Jammy)	Undecided	Fix Released
1996452	CVE-2022-32091 et al affect MariaDB in Ubuntu	mariadb-10.6 (Ubuntu Kinetic)	Undecided	Fix Released

Bug #2002281: [Debian] CVE: CVE-2021-46669/CVE-2022-27376/CVE-2022-27377...CVE-2022-32089/CVE-2022-32091: mariadb: multiple CVEs

Summary				In	Importance	Status
	2002281	[Debian] CVE: CVE-2021-46669/CVE-2022-27376/CVE-2022-27377...CVE-2022-32089/CVE-2022-32091: mariadb: multiple CVEs		StarlingX	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2022-27377

References