What is the vulnerability ID?

The vulnerability ID is CVE-2022-32089.

What is the severity level of CVE-2022-32089?

The severity level of CVE-2022-32089 is high, with a severity value of 7.5.

Which versions of MariaDB are affected by CVE-2022-32089?

Versions 10.5 to 10.7 of MariaDB are affected by CVE-2022-32089.

How can I fix CVE-2022-32089?

To fix CVE-2022-32089, update your MariaDB installation to version 10.10.0 or higher.

Where can I find more information about CVE-2022-32089?

You can find more information about CVE-2022-32089 at the following references: - [CVE-2022-32089 on JIRA](https://jira.mariadb.org/browse/MDEV-26410) - [CVE-2022-32089 on Bugzilla](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2116312) - [CVE-2022-32089 Red Hat Advisory](https://access.redhat.com/errata/RHSA-2023:5684)

Vulnerability/
CVE-2022-32089

high

7.5

1/7/2022

7/12/2022

CVE-2022-32089

First published: Fri Jul 01 2022(Updated: )

MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Mariadb Mariadb	>=10.4.0<10.4.26
Mariadb Mariadb	>=10.5.0<10.5.17
Mariadb Mariadb	>=10.6.0<10.6.9
Mariadb Mariadb	>=10.7.0<10.7.5
Mariadb Mariadb	>=10.8.0<10.8.4
Mariadb Mariadb	>=10.9.0<10.9.2
Fedoraproject Fedora	=35
Fedoraproject Fedora	=36
Fedoraproject Fedora	=37
redhat/mariadb	<10.10.0	10.10.0
redhat/mariadb	<10.9.2	10.9.2
redhat/mariadb	<10.8.4	10.8.4
redhat/mariadb	<10.7.5	10.7.5
redhat/mariadb	<10.6.9	10.6.9
redhat/mariadb	<10.5.17	10.5.17
redhat/mariadb	<10.4.26	10.4.26
ubuntu/mariadb-10.3	<1:10.3.37-0ubuntu0.20.04.1	1:10.3.37-0ubuntu0.20.04.1
ubuntu/mariadb-10.6	<1:10.6.11-0ubuntu0.22.04.1	1:10.6.11-0ubuntu0.22.04.1
ubuntu/mariadb-10.6	<1:10.6.9-1	1:10.6.9-1
debian/mariadb-10.3		1:10.3.34-0+deb10u1 1:10.3.39-0+deb10u2
debian/mariadb-10.5		1:10.5.23-0+deb11u1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-5739-1

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2022-32089.
What is the severity level of CVE-2022-32089?
The severity level of CVE-2022-32089 is high, with a severity value of 7.5.
Which versions of MariaDB are affected by CVE-2022-32089?
Versions 10.5 to 10.7 of MariaDB are affected by CVE-2022-32089.
How can I fix CVE-2022-32089?
To fix CVE-2022-32089, update your MariaDB installation to version 10.10.0 or higher.
Where can I find more information about CVE-2022-32089?
You can find more information about CVE-2022-32089 at the following references: - [CVE-2022-32089 on JIRA](https://jira.mariadb.org/browse/MDEV-26410) - [CVE-2022-32089 on Bugzilla](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2116312) - [CVE-2022-32089 Red Hat Advisory](https://access.redhat.com/errata/RHSA-2023:5684)

collector/nvd-index
agent/type
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/author
agent/severity
agent/references
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-32089
agent/software-canonical-lookup
agent/tags
agent/event
collector/launchpad-cve
source/Launchpad
collector/security-tracker-debian
source/Debian
collector/nvd-cve
source/NVD
collector/usn-cve
source/Ubuntu
vendor/mariadb
canonical/mariadb mariadb
version/mariadb mariadb/10.4.0
version/mariadb mariadb/10.5.0
version/mariadb mariadb/10.6.0
version/mariadb mariadb/10.7.0
version/mariadb mariadb/10.8.0
version/mariadb mariadb/10.9.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/35
version/fedoraproject fedora/36
version/fedoraproject fedora/37
package-manager/redhat
package-manager/debian
package-manager/ubuntu