CVE-2022-27377: 
MariaDB Server vulnerability analysis and mitigation

CVE-2022-27377 affects MariaDB Server versions up to and including v10.6.3. The vulnerability involves a use-after-free issue in the component Item_func_in::cleanup(), which can be exploited through specially crafted SQL statements (NVD, MariaDB Issue).

The vulnerability is a use-after-poison issue that occurs when complex conversion is involved in blob operations within the MariaDB server. The issue manifests in the Item_func_in::cleanup() component. It has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it is network accessible, requires low attack complexity, and can be exploited without privileges or user interaction (NetApp Advisory).

When successfully exploited, this vulnerability can lead to a Denial of Service (DoS) condition in affected MariaDB server installations. The high CVSS score of 7.5 reflects the significant impact on system availability, though there are no direct impacts on confidentiality or integrity (NetApp Advisory).

The vulnerability has been fixed in MariaDB versions 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8, and 10.7.4. Users are advised to upgrade to these or later versions to address the security issue (MariaDB Issue, Debian Advisory).