CVE-2021-27928: Code Injection
First published: Fri Mar 19 2021(Updated: )
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mariadb Mariadb | >=10.2<10.2.37 | |
| Mariadb Mariadb | >=10.3<10.3.28 | |
| Mariadb Mariadb | >=10.4<10.4.18 | |
| Mariadb Mariadb | >=10.5<10.5.9 | |
| Percona Percona Server | <=2021-03-03 | |
| Galeracluster Wsrep | <=2021-03-03 | |
| Debian Debian Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html
- https://jira.mariadb.org/browse/MDEV-25179
- https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html
- https://mariadb.com/kb/en/mariadb-10237-release-notes/
- https://mariadb.com/kb/en/mariadb-10328-release-notes/
- https://mariadb.com/kb/en/mariadb-10418-release-notes/
- https://mariadb.com/kb/en/mariadb-1059-release-notes/
- https://mariadb.com/kb/en/security/
- https://security.gentoo.org/glsa/202105-28
Frequently Asked Questions
What is the severity of CVE-2021-27928?
The severity of CVE-2021-27928 is critical with a CVSS score of 7.2.
Which software is affected by CVE-2021-27928?
MariaDB versions before 10.2.37, 10.3.28, 10.4.18, and 10.5.9, Percona Server through 2021-03-03, and Galeracluster Wsrep through 2021-03-03 for MySQL are affected.
What is the vulnerability description of CVE-2021-27928?
CVE-2021-27928 is a remote code execution issue in MariaDB, Percona Server, and Galeracluster Wsrep for MySQL. An untrusted search path leads to eval injection, allowing an attacker to execute arbitrary code.
Are there any public references for CVE-2021-27928?
Yes, you can find more information about CVE-2021-27928 at the following links: [http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html](http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html), [https://jira.mariadb.org/browse/MDEV-25179](https://jira.mariadb.org/browse/MDEV-25179), [https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html](https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html).
How can I fix the vulnerability in CVE-2021-27928?
To fix CVE-2021-27928, update MariaDB to version 10.2.37, 10.3.28, 10.4.18, or 10.5.9, update Percona Server to a version after 2021-03-03, or update Galeracluster Wsrep to a version after 2021-03-03.
- collector/nvd-index
- vendor/mariadb
- canonical/mariadb mariadb
- version/mariadb mariadb/10.2
- version/mariadb mariadb/10.3
- version/mariadb mariadb/10.4
- version/mariadb mariadb/10.5
- vendor/percona
- canonical/percona percona server
- version/percona percona server/2021-03-03
- vendor/galeracluster
- canonical/galeracluster wsrep
- version/galeracluster wsrep/2021-03-03
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0