CVE-2022-27455: 
MariaDB Server vulnerability analysis and mitigation

MariaDB Server v10.6.3 and below contains a use-after-free vulnerability in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. The vulnerability was discovered in March 2022 and affects multiple versions of MariaDB including 10.4, 10.5, 10.6, and 10.7 (MariaDB Issue).

The vulnerability is classified with a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue specifically occurs in the my_wildcmp_8bit_impl function within the ctype-simple.c file, where a use-after-free condition can be triggered when processing certain SQL queries involving subqueries with outer references in HAVING clauses (NetApp Advisory, NVD).

Successful exploitation of this vulnerability could lead to Denial of Service (DoS) conditions in affected MariaDB server installations. The high CVSS score indicates that the vulnerability can be exploited remotely without requiring privileges or user interaction (NetApp Advisory).

The vulnerability has been fixed in MariaDB versions 10.4.25, 10.5.16, 10.6.8, and 10.7.4. Users are advised to upgrade to these or later versions to address the vulnerability (MariaDB Issue).