CVE-2022-27378

7.5 HIGH

📋 TL;DR

This vulnerability in MariaDB Server allows attackers to cause Denial of Service (DoS) by sending specially crafted SQL statements that trigger a flaw in the Create_tmp_table::finalize component. It affects MariaDB Server versions 10.7 and below. Database administrators and organizations running vulnerable MariaDB instances are impacted.

💻 Affected Systems

Products:
  • MariaDB Server
Versions: 10.7 and below (all versions up to and including 10.7)
Operating Systems: All operating systems running MariaDB
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all configurations where MariaDB is running. Requires ability to execute SQL statements against the database.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database service disruption, making applications dependent on MariaDB unavailable until service restart.

🟠 Likely Case: Database service crashes requiring manual restart, causing temporary application downtime.

🟢 If Mitigated: Minimal impact with proper network segmentation and access controls limiting who can execute SQL queries.

🌐 Internet-Facing: HIGH if MariaDB is exposed to untrusted networks without proper authentication/authorization controls.
🏢 Internal Only: MEDIUM as it requires authenticated access but could be exploited by malicious insiders or compromised internal accounts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated database access to execute crafted SQL statements. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MariaDB 10.7.1 and later versions

Vendor Advisory: https://jira.mariadb.org/browse/MDEV-26423

Restart Required: Yes

Instructions:

1. Back up your database.
2. Upgrade MariaDB to version 10.7.1 or later.
3. Restart the MariaDB service.
4. Verify the upgrade was successful.

🔧 Temporary Workarounds

Restrict Database Access (applies to: all)

Limit which users and applications can execute SQL statements against MariaDB.

Network Segmentation (applies to: all)

Ensure MariaDB is not directly accessible from untrusted networks.

🧯 If You Can't Patch

  • Implement strict database user privilege management to minimize attack surface
  • Deploy network-based intrusion detection to monitor for unusual SQL query patterns

🔍 How to Verify

Check if Vulnerable:

Check the MariaDB version: if the reported version is 10.7 or below (earlier than the patched 10.7.1 release), the system is vulnerable.

Check Version:

mysql --version

Verify Fix Applied:

After patching, verify MariaDB version is 10.7.1 or higher and service is running normally.

📡 Detection & Monitoring

Log Indicators:

  • MariaDB service crashes
  • Error logs showing abnormal SQL query failures
  • Repeated connection failures

Network Indicators:

  • Unusual SQL query patterns from single sources
  • Multiple failed SQL execution attempts

SIEM Query:

source="mariadb.log" AND ("crash" OR "segfault" OR "abnormal termination")
