NVD Vulnerability Detail

CVE-2022-47015

Summary	MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.
Publication Date	Jan. 21, 2023, 4:15 a.m.
Registration Date	Jan. 21, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 4:31 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954	Patch Third Party Advisory
2	https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954	Patch Third Party Advisory
3	https://lists.debian.org/debian-lts-announce/2023/06/msg00005.html	Mailing List Third Party Advisory
4	https://lists.debian.org/debian-lts-announce/2023/06/msg00005.html	Mailing List Third Party Advisory
5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O22PO3Q6TRSNJI2A2WTJH3VVCHEKBF6C/	Mailing List Third Party Advisory
6	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O22PO3Q6TRSNJI2A2WTJH3VVCHEKBF6C/	Mailing List Third Party Advisory
7	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUQ33SPQCZQD63TWAM3XKFNVNFRGPFYU/	Mailing List Third Party Advisory
8	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUQ33SPQCZQD63TWAM3XKFNVNFRGPFYU/	Mailing List Third Party Advisory
9	https://security.netapp.com/advisory/ntap-20230309-0009/	Third Party Advisory
10	https://security.netapp.com/advisory/ntap-20230309-0009/	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-476	NULL ポインタデリファレンス	https://cwe.mitre.org/data/definitions/476.html

JVN Vulnerability Information

MariaDB Server における NULL ポインタデリファレンスに関する脆弱性

Title	MariaDB Server における NULL ポインタデリファレンスに関する脆弱性
Summary	MariaDB Server には、NULL ポインタデリファレンスに関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 28, 2022, midnight
Registration Date	June 20, 2023, 3:53 p.m.
Last Update	June 20, 2023, 3:53 p.m.

Affected System

MariaDB Corporation Ab.

MariaDB 10.3.34 から 10.9.3

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2022-47015	https://www.cve.org/CVERecord?id=CVE-2022-47015
National Vulnerability Database (NVD)
2	CVE-2022-47015	https://nvd.nist.gov/vuln/detail/CVE-2022-47015

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-476	http://cwe.mitre.org/data/definitions/476.html

ベンダー情報

No	Name	URL
GitHub
1	MDEV-29644 a potential bug of null pointer dereference in spider_db_mbase::print_warnings()	https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954

その他

No	Name	URL
関連文書
1	FEDORA-2023-381f23a0ae ([SECURITY] Fedora 38 Update: mariadb-10.5.20-1.fc38)	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O22PO3Q6TRSNJI2A2WTJH3VVCHEKBF6C/
2	FEDORA-2023-b4ff407364 ([SECURITY] Fedora 37 Update: mariadb-10.5.20-1.fc37)	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUQ33SPQCZQD63TWAM3XKFNVNFRGPFYU/
3	NTAP-20230309-0009 (CVE-2022-47015 MariaDB Vulnerability in NetApp Products)	https://security.netapp.com/advisory/ntap-20230309-0009/
4	[SECURITY] [DLA 3444-1] mariadb-10.3 security update	https://lists.debian.org/debian-lts-announce/2023/06/msg00005.html

Change Log

No	Changed Details	Date of change
1	[2023年06月20日] 掲載	June 20, 2023, 10:25 a.m.