Alpine: mariadb: security update to 10.4.25-r0

high Tenable Cloud Security Plugin ID 405534

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component
my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)

- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions
that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2022-21427)

- MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component
Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)

- MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component
Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)

- An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to
allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)

See Also

https://security.alpinelinux.org/vuln/CVE-2022-27445

https://security.alpinelinux.org/vuln/CVE-2022-27446

https://security.alpinelinux.org/vuln/CVE-2022-27447

https://security.alpinelinux.org/vuln/CVE-2022-27448

https://security.alpinelinux.org/vuln/CVE-2022-27449

https://security.alpinelinux.org/vuln/CVE-2022-27451

https://security.alpinelinux.org/vuln/CVE-2022-27452

https://security.alpinelinux.org/vuln/CVE-2022-27455

https://security.alpinelinux.org/vuln/CVE-2022-27456

https://security.alpinelinux.org/vuln/CVE-2022-27457

https://security.alpinelinux.org/vuln/CVE-2022-27458

https://security.alpinelinux.org/vuln/CVE-2022-21427

https://security.alpinelinux.org/vuln/CVE-2022-27376

https://security.alpinelinux.org/vuln/CVE-2022-27377

https://security.alpinelinux.org/vuln/CVE-2022-27378

https://security.alpinelinux.org/vuln/CVE-2022-27379

https://security.alpinelinux.org/vuln/CVE-2022-27380

https://security.alpinelinux.org/vuln/CVE-2022-27381

https://security.alpinelinux.org/vuln/CVE-2022-27382

https://security.alpinelinux.org/vuln/CVE-2022-27383

https://security.alpinelinux.org/vuln/CVE-2022-27384

https://security.alpinelinux.org/vuln/CVE-2022-27386

https://security.alpinelinux.org/vuln/CVE-2022-27387

https://security.alpinelinux.org/vuln/CVE-2022-27444

Plugin Details

Severity: High

ID: 405534

Version: Revision 1.26

Type: Local

Published: 10/31/2023

Updated: 11/11/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2022-27457

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/12/2022

Reference Information

CVE: CVE-2022-21427, CVE-2022-27376, CVE-2022-27377, CVE-2022-27378, CVE-2022-27379, CVE-2022-27380, CVE-2022-27381, CVE-2022-27382, CVE-2022-27383, CVE-2022-27384, CVE-2022-27386, CVE-2022-27387, CVE-2022-27444, CVE-2022-27445, CVE-2022-27446, CVE-2022-27447, CVE-2022-27448, CVE-2022-27449, CVE-2022-27451, CVE-2022-27452, CVE-2022-27455, CVE-2022-27456, CVE-2022-27457