Fluid Attacks Database

Description

In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	mariadb-10.5	=1:10.5.11-1 \|\| =1:10.5.12-0+deb11u1 \|\| =1:10.5.12-1 \|\| =1:10.5.13-0+deb11u1 \|\| =1:10.5.15-0+deb11u1 \|\| >=0 <1:10.5.18-0+deb11u1	1:10.5.18-0+deb11u1
rpm rhel8	mariadb	<3:10.3.39-1.module+el8.8.0+19673+72b0d35f	3:10.3.39-1.module+el8.8.0+19673+72b0d35f
rpm rhel9.0	galera	<0:26.4.14-1.el9_0	0:26.4.14-1.el9_0
rpm rhel7	mariadb	-	-
rpm rhel8.6	mariadb	<3:10.5.22-1.module+el8.6.0+20274+5db7ad9f	3:10.5.22-1.module+el8.6.0+20274+5db7ad9f
rpm rhel9	mariadb	<3:10.5.22-1.el9_2	3:10.5.22-1.el9_2
rpm rhel9.0	mariadb	<3:10.5.22-1.el9_0	3:10.5.22-1.el9_0

Aliases

1. CVE-2022-387912. NVD-2022-387913. OSV-DEBIAN-2022-387914. OSV-2022-387915. SECURITY-TRACKER-CVE-2022-38791

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.