Fluid Attacks Database

Description

libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.10	mariadb-connector-c	=3.0.10-r0 \|\| =3.0.3-r0 \|\| =3.0.3-r1 \|\| =3.0.3-r2 \|\| =3.0.4-r0 \|\| =3.0.4-r1 \|\| =3.0.5-r0 \|\| =3.0.5-r1 \|\| =3.0.8-r0 \|\| =3.0.9-r0 \|\| >=0 <3.0.10-r1	3.0.10-r1
alpine v3.11	mariadb-connector-c	=3.0.10-r0 \|\| =3.0.3-r0 \|\| =3.0.3-r1 \|\| =3.0.3-r2 \|\| =3.0.4-r0 \|\| =3.0.4-r1 \|\| =3.0.5-r0 \|\| =3.0.5-r1 \|\| =3.0.8-r0 \|\| =3.0.9-r0 \|\| =3.1.2-r0 \|\| =3.1.3-r0 \|\| =3.1.3-r1 \|\| =3.1.5-r0 \|\| =3.1.6-r0 \|\| >=0 <3.1.6-r1	3.1.6-r1
alpine v3.9	mariadb-connector-c	=3.0.3-r0 \|\| =3.0.3-r1 \|\| =3.0.3-r2 \|\| =3.0.4-r0 \|\| =3.0.4-r1 \|\| =3.0.5-r0 \|\| =3.0.5-r1 \|\| =3.0.8-r0 \|\| >=0 <3.0.8-r1	3.0.8-r1
rpm rhel8.1	mariadb	<3:10.3.27-3.module+el8.1.0+9159+f0191ef0	3:10.3.27-3.module+el8.1.0+9159+f0191ef0
rpm rhel8	mariadb	<3:10.3.27-3.module+el8.3.0+8972+5e3224e9	3:10.3.27-3.module+el8.3.0+8972+5e3224e9
rpm rhel8.2	mariadb	<3:10.3.27-3.module+el8.2.0+9158+b3fb2ef4	3:10.3.27-3.module+el8.2.0+9158+b3fb2ef4
rpm rhel8	mariadb-connector-c	<0:3.1.11-2.el8_3	0:3.1.11-2.el8_3
rpm rhel8.1	mariadb-connector-c	<0:3.1.11-2.el8_1	0:3.1.11-2.el8_1
rpm rhel8.2	mariadb-connector-c	<0:3.1.11-2.el8_2	0:3.1.11-2.el8_2

Aliases

1. CVE-2020-132492. NVD-2020-132493. OSV-ALPINE-2020-132494. OSV-2020-132495. SECURITY-CVE-2020-13249

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.