CVE-2022-31623 Information

Description

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc when an error occurs (i.e. going to the err label) while executing the method create_worker_threads the held lock thd->ctrl_mutex is not released correctly which allows local users to trigger a denial of service due to the deadlock.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://github.com/MariaDB/server/pull/1938 https://github.com/MariaDB/server/commit/7c30bc38a588b22b01f11130cfe99e7f36accf94

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.5