CVE-2022-32091

HIGH

Mariadb < 10.3.36 - Use After Free

Title source: rule

Description

MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.

References (6)

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220818-0005/

[Exploit, Issue Tracking, Third Party Advisory] https://jira.mariadb.org/browse/MDEV-26431

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCOEGSVMIEXDZHBOSV6WVF7FAVRBR2JE/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVAONAZXJFGHAJ4RP2OF3EAMQCOTDSQ/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHISY4YVO4S5QJYYIXCIAXBM7INOL4VY/

Scores

CVSS v3 7.5

EPSS 0.0032

EPSS Percentile 54.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-416

Status published

Affected Products (5)

mariadb/mariadb < 10.3.36

debian/debian_linux

fedoraproject/fedora

Timeline

Published Jul 01, 2022

Tracked Since Feb 18, 2026