CVE-2020-13249
Summary
| CVE | CVE-2020-13249 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-05-20 19:15:00 UTC |
| Updated | 2023-11-07 03:16:00 UTC |
| Description | libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 31 | All | All | All |
| Operating System | Fedoraproject | Fedora | 32 | All | All | All |
| Application | Mariadb | Connector/c | All | All | All | All |
| Application | Mariadb | Connector/c | All | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Comparing v3.1.7...v3.1.8 · mariadb-corporation/mariadb-connector-c · GitHub | MISC | github.com | Release Notes, Third Party Advisory |
| [SECURITY] Fedora 31 Update: mariadb-connector-c-3.1.11-1.fc31 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [security-announce] openSUSE-SU-2020:0738-1: important: Security update | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [security-announce] openSUSE-SU-2020:0870-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| [SECURITY] Fedora 32 Update: mariadb-10.4.13-1.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 31 Update: mariadb-connector-c-3.1.11-1.fc31 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| sanity checks for client-supplied OK packet content · mariadb-corporation/mariadb-connector-c@2759b87 · GitHub | MISC | github.com | Patch, Third Party Advisory |
| [SECURITY] Fedora 32 Update: mariadb-10.4.13-1.fc32 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 377120 Alibaba Cloud Linux Security Update for mariadb:10.3 (ALINUX3-SA-2021:0014)
- 377366 Alibaba Cloud Linux Security Update for mariadb-connector-c (ALINUX3-SA-2021:0007)
- 940149 AlmaLinux Security Update for mariadb-connector-c (ALSA-2020:5503)
- 940295 AlmaLinux Security Update for mariadb:10.3 (ALSA-2020:5500)
- 960426 Rocky Linux Security Update for mariadb-connector-c (RLSA-2020:5503)
- 960453 Rocky Linux Security Update for mariadb:10.3 (RLSA-2020:5500)