CVE-2022-32091: 
MariaDB Server vulnerability analysis and mitigation

MariaDB v10.7 was discovered to contain a use-after-poison vulnerability in _interceptormemset at /libsanitizer/sanitizercommon/sanitizercommon_interceptors.inc. The vulnerability was assigned CVE-2022-32091 and was disclosed in July 2022. This security flaw affects multiple versions of MariaDB including versions prior to 10.3.36, 10.4.26, 10.5.17, 10.6.9, 10.7.5, 10.8.4, and 10.9.2 (Debian Tracker).

The vulnerability is classified with a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The attack vector is network-accessible, requires low attack complexity, needs no privileges or user interaction, and has an unchanged scope. While there is no impact on confidentiality or integrity, the vulnerability can have a high impact on system availability (Ubuntu Security).

When successfully exploited, this vulnerability could lead to a Denial of Service (DoS) condition in affected MariaDB installations. The use-after-poison vulnerability specifically affects the memory handling in the database server, which could result in system instability or crashes (NetApp Security).

The vulnerability has been fixed in MariaDB versions 10.3.36, 10.4.26, 10.5.17, 10.6.9, 10.7.5, 10.8.4, and 10.9.2. Users are advised to upgrade to these or later versions to mitigate the vulnerability. Various Linux distributions have also released security updates to address this issue, including Ubuntu, Debian, and Fedora (Fedora Update).