Vulnerability DatabaseCVE-2022-27448

CVE-2022-27448:
MariaDB Server vulnerability analysis and mitigation

Overview

CVE-2022-27448 is an assertion failure vulnerability discovered in MariaDB Server versions up to and including 10.9. The vulnerability specifically occurs via 'node->pcur->relpos == BTRPCUR_ON' at /row/row0mysql.cc. This issue was initially reported on March 16, 2022, and affects multiple versions of MariaDB including 10.3, 10.4, 10.5, 10.6, and 10.7 (MariaDB Issue).

Technical details

The vulnerability is classified with a CVSS v3.1 Base Score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The technical nature of the vulnerability involves an assertion failure that can be triggered during multi-update operations and implicit grouping. The vulnerability is categorized under CWE-617 (Reachable Assertion) (NVD Database).

Impact

When successfully exploited, this vulnerability can lead to a Denial of Service (DoS) condition. The vulnerability affects the availability of the system while having no direct impact on confidentiality or integrity (NetApp Advisory).

Mitigation and workarounds

The vulnerability has been fixed in MariaDB versions 10.3.35, 10.4.25, 10.5.16, 10.6.8, and 10.7.4. Users are advised to upgrade to these or later versions to mitigate the vulnerability (Debian Security).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer?

Request vulnerability assessment

7.5

Score

Published April 14, 2022

Severity HIGH

CNA Score N/A

Affected Technologies

MariaDB Server
Galera Cluster

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 41.2

Exploitation Probability (EPSS) 0.2

Affected packages and libraries

mariadb104-galera
mariadb105-sphinx-engine

Sources

AlmaLinux Security Advisory
- AlmaLinux 8 Severity MEDIUMHas FixAdded at: Aug 07, 2022
- AlmaLinux 9 Severity MEDIUMHas FixAdded at: Aug 10, 2022
Alpine Security Tracker
- Alpine 3.10, 3.11 Severity HIGHHas FixAdded at: Dec 03, 2023
- Alpine 3.12, 3.13, 3.14, 3.15 Severity HIGHHas FixAdded at: May 21, 2022
- Alpine 3.16 Severity HIGHHas FixAdded at: May 24, 2022
- Alpine 3.17 Severity HIGHHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity HIGHHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity HIGHHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity HIGHHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity HIGHHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity HIGHHas FixAdded at: Jun 01, 2025
- Alpine edge Severity HIGHHas FixAdded at: Jun 19, 2023
CBL-Mariner
- CBL-Mariner 1.0, 2.0 Severity HIGHHas FixAdded at: Jun 10, 2023
Debian Security Tracker
- Debian 10, 11 Severity HIGHHas FixAdded at: Apr 15, 2022
Gentoo Advisory Database
- Gentoo Severity MEDIUMHas FixAdded at: May 09, 2024
Homebrew
- Homebrew Severity HIGHHas FixAdded at: Feb 12, 2024
Photon Security Advisory
- Photon 3.0 Severity HIGHHas FixAdded at: Jun 04, 2022
Red Hat Errata
- Red Hat 7 Severity MEDIUMNo FixAdded at: Jun 07, 2022
- Red Hat 8 Severity MEDIUMHas FixAdded at: Jun 07, 2022
- Red Hat 9 Severity MEDIUMHas FixAdded at: Sep 06, 2022
Rocky Linux Product Errata
- Rocky 9 Severity MEDIUMHas FixAdded at: May 14, 2023
Ubuntu Security Tracker
- Ubuntu 20.04, 22.04, 22.10 Severity MEDIUMHas FixAdded at: Nov 23, 2022
NVD
- Linux Severity HIGHHas FixAdded at: Apr 21, 2022