CVE-2022-24048 in MariaDBinfo

Summary

by MITRE • 02/18/2022

This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

Zero Day Initiative

Reservation

01/27/2022

Disclosure

02/18/2022

Moderation

accepted

Entry

VDB-193528

CPE

ready

CWE

CWE-121 (confirmed)

CVSS

7.0 (CNA)

EPSS

0.00645

KEV

Activities

very low

Sector

Finance, Government, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2022-24048
NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-24048
CVE Details	https://www.cvedetails.com/cve/CVE-2022-24048/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!