MariaDB Client 5.5.x < 5.5.36 Remote Multiple Denial of Service Vulnerabilities
PVS ID: 8132 FAMILY: Database RISK: MEDIUM NESSUS ID: Not Available
Description: Synopsis:

The remote database server is affected by multiple denial of service vulnerabilities.

MariaDB is a community-developed fork of the MySQL relational database. The version of MariaDB installed on the remote host is earlier than 5.5.36, and is therefore likely to contain the following denial of service vulnerabilities:

 - A null-pointer dereference error when handling a specially crafted SELECT statement with subqueries (though this requires the 'materialization' and 'semijoin' optimizer switches to be on).
 - A DoS vulnerability when handling KILL QUERY statements with certain concurrent SQL queries.
 - A DoS vulnerability when parsing a specially crafted NAME_CONST expression containing AND/OR expressions.
 - A DoS vulnerability due to an assertion failure when parsing a specially crafted SELECT expression containing an invalid GROUP BY value.
 - A DoS vulnerability when handling a specially crafted SELECT expression with JOIN phrases (though successful exploitation requires the 'sql_mode' setting to be set to 'ONLY_FULL_GROUP_BY').
 - A DoS vulnerability when handling concurrent UPDATE statements.
 - Other attacks may be possible.

Observed version of MySQL server:
%L

Solution: Upgrade to version 5.5.36, or higher, to address these vulnerabilities.

CVE: Not available


Copyright Tenable Network Security Inc. 2014