Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

MariaDB Server 10.1.x < 10.1.13 Multiple DoS

Medium

Synopsis

The remote database server is affected by multiple Denial of Service (DoS) attack vectors.

Description

MariaDB is a community-developed fork of the MySQL relational database. The version of MariaDB installed on the remote host is 10.1.x earlier than 10.1.13, and is therefore affected multiple vulnerabilities :

- A flaw exists in the 'Item::basic_const_item()' function that is triggered when handling nested NULLIF statements. This may allow an authenticated attacker to crash the database. (OSVDB 136368) - A flaw exists in the 'Item::cache_const_expr_analyzer()' function in 'sql/item.cc' that is triggered during the handling of caches. This may allow an authenticated attacker to crash the database. (OSVDB 136369) - A flaw exists in the 'Item_sum_field::get_tmp_table_field()' function in 'sql/item_sum.h' that is triggered during the handling of temporary tables. This may allow an authenticated attacker to crash the database. (OSVDB 136371) - A flaw exists that is triggered during the handling of a specially crafted 'QT_ITEM_FUNC_NULLIF_TO_CASE NULLIF' statement. This may allow an authenticated attacker to crash the database. (OSVDB 136372) - A flaw exists in the 'Item::save_in_field()' function that is triggered during the handling of date values. This may allow an authenticated attacker to crash the database. (OSVDB 136373)

Solution

Upgrade to version 10.1.13 or later.