MariaDB Client 5.5.x < 5.5.36 Remote Multiple Denial of Service Vulnerabilities

Medium

Synopsis

The remote database server is affected by multiple denial of service vulnerabilities.

Description

MariaDB is a community-developed fork of the MySQL relational database. The version of MariaDB installed on the remote host is earlier than 5.5.36, and is therefore likely to contain the following denial of service vulnerabilities:

- null-pointer dereference error when handling a specially crafted SELECT statement with subqueries (though this requires 'materialization' and 'semijoin' optimizer switches to be on).

- DoS vulnerability when handling KILL QUERY statements with certain concurrent SQL queries.

- DoS vulnerability when parsing specially crafted NAME_CONST expression containing AND/OR expressions.

- DoS vulnerability due to assertion failure when parsing specially crafted SELECT expression containing an invalid GROUP BY value.

- DoS vulnerability when handling specially crafted SELECT expression with JOIN phrases (though, successful exploitation requires 'sql_mode' setting to be set to 'ONLY_FULL_GROUP_BY').

- DoS vulnerability when handling concurrent UPDATE statements.

- Other attacks may be possible.

Solution

Upgrade to version 5.5.36, or higher, to address these vulnerabilities.