CVE-2022-27380
📋 TL;DR
A vulnerability in MariaDB Server's my_decimal::operator= component allows attackers to cause Denial of Service (DoS) through specially crafted SQL statements. This affects MariaDB Server versions 10.6.3 and below, potentially disrupting database availability for applications using these versions.
💻 Affected Systems
- MariaDB Server
📦 What is this software?
MariaDB by MariaDB
⚠️ Risk & Real-World Impact
Worst Case
Complete database service disruption leading to application downtime and data unavailability
Likely Case
Database service crashes requiring restart, causing temporary application disruption
If Mitigated
Minimal impact with proper network segmentation and query filtering
🎯 Exploit Status
Exploitation requires ability to execute SQL statements against the database
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: MariaDB 10.6.4 and later
Vendor Advisory: https://jira.mariadb.org/browse/MDEV-26280
Restart Required: Yes
Instructions:
1. Back up databases.
2. Upgrade MariaDB to version 10.6.4 or later.
3. Restart the MariaDB service.
4. Verify the version and functionality.
🔧 Temporary Workarounds
SQL Query Filtering
Implement input validation and filtering for decimal operations in SQL queries
Network Access Control
Restrict database access to trusted applications and users only
🧯 If You Can't Patch
- Implement strict network segmentation to isolate MariaDB instances
- Deploy web application firewall (WAF) with SQL injection protection rules
🔍 How to Verify
Check if Vulnerable:
Check MariaDB version: mysql --version or SELECT VERSION();
Check Version:
mysql --version
Verify Fix Applied:
Confirm version is 10.6.4 or later and test decimal operations
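To make the version check above repeatable across a fleet, here is an added Python helper (not part of this advisory or of MariaDB) that parses the output of `mysql --version` or `SELECT VERSION()` and compares it with the 10.6.4 fix threshold stated above. The "Distrib X.Y.Z" banner layout and all sample strings are assumptions constructed for the example.

```python
import re
from typing import Optional, Tuple

# Fixed version as stated in the advisory above: MariaDB 10.6.4 and later.
FIXED_VERSION: Tuple[int, int, int] = (10, 6, 4)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a MariaDB version string.

    Handles the `mysql --version` banner, whose server version sits in the
    "Distrib X.Y.Z" field (assumed layout, e.g. "mysql  Ver 15.1 Distrib
    10.6.3-MariaDB, ..."; the client version "Ver 15.1" must be ignored),
    and a SELECT VERSION() result such as "10.6.3-MariaDB-1:10.6.3+maria~focal".
    """
    match = re.search(r"Distrib\s+(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        match = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        return None
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def classify(text: str) -> str:
    """Classify a version string against the advisory's fixed version.

    "unparseable": no X.Y.Z number found; "not-mariadb": a version was found
    but the string never mentions MariaDB (plain MySQL is out of scope here);
    "affected": MariaDB older than 10.6.4; "fixed": MariaDB 10.6.4 or later.
    """
    version = parse_version(text)
    if version is None:
        return "unparseable"
    if "mariadb" not in text.lower():
        return "not-mariadb"
    # Tuple comparison is numeric per component, so 10.6.10 correctly sorts
    # after 10.6.4 (a plain string comparison would misorder it).
    return "fixed" if version >= FIXED_VERSION else "affected"


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from a real server.
    for sample in (
        "10.6.3-MariaDB-1:10.6.3+maria~focal",
        "mysql  Ver 15.1 Distrib 10.6.4-MariaDB, for debian-linux-gnu (x86_64)",
        "10.6.10-MariaDB-log",
        "8.0.33",
    ):
        print(f"{classify(sample):12s} {sample}")
```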
📡 Detection & Monitoring
Log Indicators:
- Database crash logs
- Unexpected service restarts
- Error messages related to decimal operations
Network Indicators:
- Unusual SQL query patterns targeting decimal functions
SIEM Query:
source="mariadb.log" AND ("crash" OR "segfault" OR "decimal")
🔗 References
- https://jira.mariadb.org/browse/MDEV-26280
- https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html
- https://security.netapp.com/advisory/ntap-20220526-0007/