CVE-2022-32089: 
MariaDB Server vulnerability analysis and mitigation

A segmentation fault vulnerability was discovered in MariaDB versions 10.5 through 10.7 via the component stselectlexunit::excludelevel. The vulnerability is tracked as CVE-2022-32089 and affects MariaDB versions from 10.4 onwards up to versions 10.4.26, 10.5.17, 10.6.9, and 10.7.5 (NVD, MariaDB Bug).

The vulnerability was introduced in MariaDB 10.4.3 through commit de745ecf29721795710910a19bd0ea3389da804c during the implementation of support for brackets in UNION/EXCEPT/INTERSECT operations. The issue received a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a high-severity vulnerability with network accessibility and no required privileges or user interaction (NVD).

When successfully exploited, this vulnerability can lead to a Denial of Service (DoS) condition through a segmentation fault in the database server. The vulnerability affects the availability of the system while not impacting confidentiality or integrity (NetApp Advisory).

The vulnerability has been fixed in MariaDB versions 10.4.26, 10.5.17, 10.6.9, and 10.7.5. Users are advised to upgrade to these or later versions to address the security issue. The fix was implemented through commit f439cfdf93691d451a2efe075a90526bd67b8278 in the MariaDB repository (MariaDB Bug).