CVE-2022-32081

Summary

CVE	CVE-2022-32081
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-07-01 20:15:00 UTC
Updated	2023-11-07 03:47:00 UTC
Description	MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.

Risk And Classification

Problem Types: CWE-416

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	35	All	All	All
Operating System	Fedoraproject	Fedora	36	All	All	All
Operating System	Fedoraproject	Fedora	37	All	All	All
Application	Mariadb	Mariadb	All	All	All	All

References

Reference	Source	Link	Tags
[MDEV-26420] use-after-poison in Storage - Jira	MISC	jira.mariadb.org
[SECURITY] Fedora 35 Update: mariadb-10.5.18-1.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 36 Update: galera-26.4.13-1.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: mariadb-10.5.18-1.fc37 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 36 Update: galera-26.4.13-1.fc36 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 35 Update: mariadb-10.5.18-1.fc35 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 37 Update: mariadb-10.5.18-1.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
July 2022 MariaDB Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160981 Oracle Enterprise Linux Security Update for mariadb:10.5 (ELSA-2023-5683)
160997 Oracle Enterprise Linux Security Update for galera and mariadb (ELSA-2023-5684)
181382 Debian Security Update for mariadb-10.5 (CVE-2022-32081)
199043 Ubuntu Security Notification for MariaDB Vulnerabilities (USN-5739-1)
242160 Red Hat Update for mariadb:10.5 (RHSA-2023:5683)
242162 Red Hat Update for galera and mariadb (RHSA-2023:5684)
242541 Red Hat Update for rh-mariadb105-galera and rh-mariadb105-mariadb (RHSA-2023:7633)
283363 Fedora Security Update for galera (FEDORA-2022-cf88f807f9)
283364 Fedora Security Update for galera (FEDORA-2022-333df1c4aa)
283406 Fedora Security Update for galera (FEDORA-2022-e0e9a43546)
354397 Amazon Linux Security Advisory for mariadb105 : ALAS2022-2022-245
354582 Amazon Linux Security Advisory for mariadb105 : ALAS-2022-245
355152 Amazon Linux Security Advisory for mariadb105 : ALAS2023-2023-037
356255 Amazon Linux Security Advisory for mariadb : ALASMARIADB10.5-2023-002
356265 Amazon Linux Security Advisory for mariadb : ALASMARIADB10.5-2023-003
356491 Amazon Linux Security Advisory for mariadb : ALAS2MARIADB10.5-2023-002
378963 Alibaba Cloud Linux Security Update for mariadb:10.5 (ALINUX3-SA-2023:0128)
502495 Alpine Linux Security Update for mariadb
502496 Alpine Linux Security Update for mariadb
504149 Alpine Linux Security Update for mariadb
690926 Free Berkeley Software Distribution (FreeBSD) Security Update for mariadb (36d10af7-248d-11ed-856e-d4c9ef517024)
752572 SUSE Enterprise Linux Security Update for mariadb (SUSE-SU-2022:3225-1)
753160 SUSE Enterprise Linux Security Update for mariadb (SUSE-SU-2022:3159-1)
753464 SUSE Enterprise Linux Security Update for mariadb (SUSE-SU-2022:3391-1)
902775 Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (10606)
903866 Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (10606-1)
941292 AlmaLinux Security Update for mariadb:10.5 (ALSA-2023:5683)
941294 AlmaLinux Security Update for galera and mariadb (ALSA-2023:5684)
961045 Rocky Linux Security Update for mariadb:10.5 (RLSA-2023:5683)