MariaDB Server 10.1.x < 10.1.16 Multiple DoS

Medium

Synopsis

The remote database server is affected by multiple Denial of Service (DoS) attack vectors.

Description

MariaDB is a community-developed fork of the MySQL relational database. The version of MariaDB installed on the remote host is 10.1.x prior to 10.1.16, and is therefore affected by multiple vulnerabilities:

- A flaw exists in the 'get_best_group_min_max()' function in 'sql/opt_range.cc' that is triggered during the handling of query plans. This may allow an authenticated attacker to crash the database. (OSVDB 141701)
- A flaw exists in the 'emb_stmt_execute()' function in 'libmysqld/lib_sql.cc' that is triggered during the handling of queries. This may allow an authenticated attacker to crash the database. (OSVDB 141702)

Solution

Upgrade to version 10.1.16 or later.