CVE-2022-32081

HIGH

MariaDB 10.4.0-10.4.25 - Use-After-Free in prepare_inplace_add_virtual

Title source: llm

MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.

Core 5

Core References

Mailing List, Third Party Advisory vendor-advisory

Mailing List, Third Party Advisory vendor-advisory

Mailing List, Third Party Advisory vendor-advisory

Exploit, Issue Tracking, Third Party Advisory

Third Party Advisory

CVSS v3 7.5

EPSS 0.0013

EPSS Percentile 32.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-416

Status published

Products (4)

fedoraproject/fedora 35

fedoraproject/fedora 36

fedoraproject/fedora 37

mariadb/mariadb 10.4.0 - 10.4.26

Published Jul 01, 2022

Tracked Since Feb 18, 2026