Vulnerability Details : CVE-2022-24051
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.
Vulnerability category: OverflowExecute codeGain privilege
Products affected by CVE-2022-24051
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:10.8.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-24051
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-24051
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
Zero Day Initiative | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2022-24051
-
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.Assigned by: zdi-disclosures@trendmicro.com (Primary)
References for CVE-2022-24051
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW/
[SECURITY] Fedora 34 Update: mariadb-10.5.15-1.fc34 - package-announce - Fedora Mailing-ListsMailing List;Patch;Third Party Advisory
-
https://www.zerodayinitiative.com/advisories/ZDI-22-318/
ZDI-22-318 | Zero Day InitiativeThird Party Advisory;VDB Entry
-
https://security.netapp.com/advisory/ntap-20220318-0004/
February 2022 MariaDB Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://mariadb.com/kb/en/security/
Security Vulnerabilities Fixed in MariaDB - MariaDB Knowledge BasePatch;Vendor Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO/
[SECURITY] Fedora 36 Update: galera-26.4.11-1.fc36 - package-announce - Fedora Mailing-ListsMailing List;Patch;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD/
[SECURITY] Fedora 35 Update: mariadb-10.5.15-1.fc35 - package-announce - Fedora Mailing-ListsMailing List;Patch;Third Party Advisory
Jump to