ZDI-22-364: MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MariaDB Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-22-364?
The severity of ZDI-22-364 is classified as high due to its potential for local privilege escalation.
How do I fix ZDI-22-364?
To fix ZDI-22-364, upgrade to the latest version of MariaDB where the vulnerability has been patched.
Who is affected by ZDI-22-364?
ZDI-22-364 affects installations of MariaDB that allow local attackers to escalate privileges.
What type of authentication is needed for ZDI-22-364 exploitation?
Authentication is required to exploit the ZDI-22-364 vulnerability.
What specific flaw is present in ZDI-22-364?
ZDI-22-364 involves a flaw in SQL query processing that lacks validation of existence.
- agent/type
- agent/references
- agent/title
- agent/severity
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- agent/event
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-22-364
- alias/ZDI-CAN-16207
- alias/CVE-2022-24050
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mariadb
- canonical/mariadb server