CVE-2022-27379: 
MariaDB Server vulnerability analysis and mitigation

An issue in the component Argcomparator::comparereal_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. The vulnerability was assigned CVE-2022-27379 and affects multiple versions of MariaDB including 10.3.x, 10.4.x, 10.5.x, and 10.6.x series (NVD).

The vulnerability exists in the Argcomparator::comparereal_fixed component and can be triggered through specially crafted SQL statements. The issue has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that it can be exploited remotely with low attack complexity and requires no privileges or user interaction (NetApp Advisory).

Successful exploitation of this vulnerability could lead to a Denial of Service (DoS) condition, affecting the availability of the MariaDB server. The high severity rating and CVSS score indicate significant potential impact on system availability, though there are no direct impacts on confidentiality or integrity (NetApp Advisory).

The vulnerability has been fixed in MariaDB versions 10.3.35, 10.4.25, 10.5.16, 10.6.8, and 10.7.4. Users are advised to upgrade to these or later versions to address the security issue. The fix was also backported to various distribution-specific packages, including Debian's security updates (Debian Advisory).