Detections
Analytics

Alpine: mariadb: security update to 10.5.16-r0

high Tenable Cloud Security Plugin ID 405541

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

 - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component
 my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)

 - MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component
 Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376)

 - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component
 Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377)

 - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to
 allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378)

 - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was
 discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
 (CVE-2022-27379)

See Also

https://security.alpinelinux.org/vuln/CVE-2022-27376

https://security.alpinelinux.org/vuln/CVE-2022-27377

https://security.alpinelinux.org/vuln/CVE-2022-27378

https://security.alpinelinux.org/vuln/CVE-2022-27379

https://security.alpinelinux.org/vuln/CVE-2022-27380

https://security.alpinelinux.org/vuln/CVE-2022-27381

https://security.alpinelinux.org/vuln/CVE-2022-27382

https://security.alpinelinux.org/vuln/CVE-2022-27383

https://security.alpinelinux.org/vuln/CVE-2022-27384

https://security.alpinelinux.org/vuln/CVE-2022-27386

https://security.alpinelinux.org/vuln/CVE-2022-27387

https://security.alpinelinux.org/vuln/CVE-2022-27444

https://security.alpinelinux.org/vuln/CVE-2022-27445

https://security.alpinelinux.org/vuln/CVE-2022-27446

https://security.alpinelinux.org/vuln/CVE-2022-27447

https://security.alpinelinux.org/vuln/CVE-2022-27448

https://security.alpinelinux.org/vuln/CVE-2022-27449

https://security.alpinelinux.org/vuln/CVE-2022-27451

https://security.alpinelinux.org/vuln/CVE-2022-27452

https://security.alpinelinux.org/vuln/CVE-2022-27455

https://security.alpinelinux.org/vuln/CVE-2022-27456

https://security.alpinelinux.org/vuln/CVE-2022-27457

https://security.alpinelinux.org/vuln/CVE-2022-27458

Plugin Details

Severity: High

ID: 405541

Version: Revision 1.26

Type: Local

Published: 10/31/2023

Updated: 11/11/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2022-27457

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/12/2022

Reference Information

CVE: CVE-2022-27376, CVE-2022-27377, CVE-2022-27378, CVE-2022-27379, CVE-2022-27380, CVE-2022-27381, CVE-2022-27382, CVE-2022-27383, CVE-2022-27384, CVE-2022-27386, CVE-2022-27387, CVE-2022-27444, CVE-2022-27445, CVE-2022-27446, CVE-2022-27447, CVE-2022-27448, CVE-2022-27449, CVE-2022-27451, CVE-2022-27452, CVE-2022-27455, CVE-2022-27456, CVE-2022-27457