CVE-2022-27384

7.5 HIGH

📋 TL;DR

This vulnerability in MariaDB Server lets an attacker who can submit SQL statements crash the server (Denial of Service) with specially crafted statements that reach Item_subselect::init_expr_cache_tracker in the query optimizer. It affects MariaDB Server 10.6.5 and earlier (the CVE text says "10.6 and below"). Database administrators and organizations running unpatched MariaDB instances are affected.

💻 Affected Systems

Products:
  • MariaDB Server
Versions: 10.6.5 and earlier on the 10.6 branch; the CVE text says "10.6 and below", so earlier release series are also in scope until they receive the fix tracked in MDEV-26047
Operating Systems: All operating systems running MariaDB
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all configurations, since the vulnerable code is part of the core query optimizer rather than an optional plugin. Exploitation requires the ability to execute SQL statements against the server; any account that can run queries is sufficient.

📦 What is this software?

MariaDB Server is a community-developed, open-source relational database derived from MySQL. It is widely deployed as a drop-in MySQL replacement and ships in many Linux distributions, so it commonly backs web applications and internal business systems.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database service disruption, making applications dependent on the database unavailable to users.

🟠

Likely Case

Repeated server crashes: each crafted statement terminates the server process, so even with automatic restart an attacker can keep the database down. Uncommitted transactions are rolled back during crash recovery and every dependent application sees connection errors until the server is back.

🟢

If Mitigated

Minimal impact with proper network segmentation and access controls limiting who can send SQL queries.

🌐 Internet-Facing: HIGH if database is directly exposed to the internet without proper authentication or firewalls.
🏢 Internal Only: MEDIUM as authenticated users or compromised internal systems could still trigger the DoS.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ❌ No (a database login that can run queries is required)
Complexity: MEDIUM

Exploitation requires the ability to execute SQL statements against the server. The fault lies in Item_subselect::init_expr_cache_tracker, the optimizer code that sets up expression-cache tracking for subqueries, and is triggered by specially crafted SQL; no elevated database privileges are needed beyond the ability to run queries.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MariaDB 10.6.6 and later (the fix is tracked in MDEV-26047; consult that ticket for the corresponding fixed releases of older maintained branches)

Vendor Advisory: https://jira.mariadb.org/browse/MDEV-26047

Restart Required: Yes

Instructions:

1. Check the current MariaDB version (SELECT VERSION(); or mysql --version).
2. Back up all databases (for example with mysqldump or mariadb-dump).
3. Upgrade to MariaDB 10.6.6 or later.
4. Restart the MariaDB service.
5. Verify the upgrade completed successfully and the server reports version 10.6.6 or higher.

🔧 Temporary Workarounds

Restrict SQL Execution (platforms: all)

Limit which users/applications can execute SQL statements against the database; remove unused accounts and do not grant query access to untrusted users.

Network Segmentation (platforms: all)

Ensure the database is not directly accessible from untrusted networks.

🧯 If You Can't Patch

  • Implement strict access controls to limit who can execute SQL queries
  • Monitor the error log for crash reports and apply per-account rate limits (MariaDB's MAX_QUERIES_PER_HOUR / MAX_CONNECTIONS_PER_HOUR resource limits); note that rate limiting only slows repeated attempts, since a single crafted statement is enough to crash the server

🔍 How to Verify

Check if Vulnerable:

Check the MariaDB version: a 10.6 server reporting 10.6.5 or below is vulnerable. Servers on an earlier release series are in scope as well unless they run a release that includes the MDEV-26047 fix for that branch.

Check Version:

mysql --version

SELECT VERSION();

Verify Fix Applied:

After patching, confirm that SELECT VERSION(); reports 10.6.6 or higher, then run the application's smoke or regression tests against the upgraded server to confirm normal database functionality.
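The version check above, worked through as an added shell example (editorial example code, not from the advisory or from MariaDB): it extracts the dotted version from either mysql --version output or a SELECT VERSION() result, compares it numerically against the 10.6.6 fix level this page names, and reports vulnerable, fixed or unknown. It follows this page's rule that anything below 10.6.6 is vulnerable; older maintained branches received their own backports, so for a 10.2 to 10.5 server confirm the branch's fixed release in MDEV-26047 rather than relying on this check alone. The sample version strings at the bottom are constructed.

```shell
#!/bin/sh
# Added example: classify a MariaDB version banner against the 10.6.6 fix
# level for CVE-2022-27384. Not part of the advisory or of MariaDB.

# Print the X.Y.Z part of the first token that looks like "X.Y.Z-MariaDB...",
# or nothing if no MariaDB version is present (e.g. an Oracle MySQL banner).
# Handles both "mysql --version" output ("... Distrib 10.6.5-MariaDB, ...")
# and SELECT VERSION() output ("10.6.5-MariaDB-1:10.6.5+maria~focal").
mariadb_version_number() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+-MariaDB/) {
                split($i, parts, "-")
                print parts[1]
                exit
            }
        }
    }'
}

# Numeric comparison of two dotted versions: prints -1, 0 or 1.
# A plain string comparison would rank 10.6.10 below 10.6.6, hence awk.
version_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "-1"; exit }
            if (xi > yi) { print "1"; exit }
        }
        print "0"
    }'
}

# Status per this page: below 10.6.6 is vulnerable, 10.6.6 or later is fixed.
# "unknown" means no MariaDB version could be parsed from the input.
mariadb_cve_2022_27384_status() {
    v=$(mariadb_version_number "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif [ "$(version_cmp "$v" 10.6.6)" -lt 0 ]; then
        echo vulnerable
    else
        echo fixed
    fi
}

# On a live system (commented out so the script runs offline):
#   mariadb_cve_2022_27384_status "$(mysql --version)"
#   mariadb_cve_2022_27384_status "$(mysql -N -e 'SELECT VERSION()')"
# Constructed sample banners:
mariadb_cve_2022_27384_status 'mysql  Ver 15.1 Distrib 10.6.5-MariaDB, for Linux (x86_64)'
mariadb_cve_2022_27384_status '10.6.6-MariaDB-log'
```

The numeric comparison matters in practice: 10.6 has had well over ten point releases, and a lexical check would misclassify 10.6.10 and later as older than 10.6.6.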

📡 Detection & Monitoring

Log Indicators:

  • Crash reports in the MariaDB error log: the crash handler writes a line containing "got signal" (for example "mysqld got signal 11 ;") followed by the server version and a backtrace
  • Unexpected server restarts (service-manager restart events, "Starting MariaDB" notes shortly after a crash report)
  • Backtraces or logged crashing queries involving subqueries, in particular frames naming Item_subselect::init_expr_cache_tracker
  • On the application side, bursts of "Lost connection to MySQL server during query" (error 2013) from clients

Network Indicators:

  • Sudden increase in SQL traffic from single source
  • Database connection spikes followed by service interruption

SIEM Query:

source="mariadb.log" AND ("got signal" OR "init_expr_cache_tracker")

Matching on generic terms such as "error" or "failed" is too noisy to be useful; "got signal" is the string the crash handler always writes, and the function name appears in the backtrace when symbols resolve.
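The detection logic above, run over sample log lines as an added shell example (editorial code, not from the advisory or from MariaDB). MariaDB's crash handler writes a "got signal N" line to the error log followed by the server version, a backtrace and, when available, the connection ID and query text; the function below scans such a log, emits one alert per crash report and flags whether the backtrace mentions init_expr_cache_tracker. The sample log is constructed to follow that layout; the frame addresses, timestamps, thread IDs and the elided query are illustrative, not from a real capture.

```shell
#!/bin/sh
# Added example: find MariaDB crash reports in an error log and flag the
# function named in CVE-2022-27384. Not part of the advisory or of MariaDB.

# Constructed sample error log. The layout mirrors the server's crash
# handler output; addresses, IDs and the query text are placeholders.
make_sample_log() {
    cat <<'EOF'
2022-03-01 10:14:02 0 [Note] /usr/sbin/mariadbd: ready for connections.
2022-03-01 10:20:17 12 [Warning] Aborted connection 12 to db: 'app' user: 'app' host: '10.0.0.5' (Got an error reading communication packets)
220301 10:22:41 [ERROR] mysqld got signal 11 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
Server version: 10.6.5-MariaDB-1:10.6.5+maria~focal
Thread pointer: 0x7f2c38000c58
/usr/sbin/mariadbd(_ZN14Item_subselect23init_expr_cache_trackerEP3THD+0x2a)[0x55a1c3b8d5aa]
/usr/sbin/mariadbd(_ZN4JOIN8optimizeEv+0x1f)[0x55a1c3a1e0ff]
Query (0x7f2c38010fd0): SELECT ... (crafted statement, text elided here)
Connection ID (thread ID): 14
Status: NOT_KILLED
2022-03-01 10:22:45 0 [Note] Starting MariaDB 10.6.5-MariaDB-1:10.6.5+maria~focal source revision abc123 as process 4242
EOF
}

# Read an error log on stdin; print one ALERT line per crash report with the
# signal number, the connection ID, and whether the backtrace contains the
# CVE-2022-27384 function. A crash report runs from the "got signal" line to
# the next server start (or end of input).
detect_mariadb_crashes() {
    awk '
        function flush() {
            printf "ALERT signal=%s connection_id=%s cve_2022_27384_frame=%s\n", sig, conn, frame
            in_crash = 0
        }
        /got signal [0-9]+/ {
            if (in_crash) flush()
            match($0, /got signal [0-9]+/)
            sig = substr($0, RSTART + 11, RLENGTH - 11)   # "got signal " is 11 chars
            conn = "?"; frame = "no"; in_crash = 1
            next
        }
        in_crash && /init_expr_cache_tracker/ { frame = "yes" }
        in_crash && /^Connection ID \(thread ID\): / { conn = $NF }
        in_crash && /\[Note\] Starting MariaDB/ { flush() }
        END { if (in_crash) flush() }
    '
}

# Run the detector over the constructed sample. Against a real server:
#   detect_mariadb_crashes < /var/log/mysql/error.log   (path varies by distro)
make_sample_log | detect_mariadb_crashes
```

The connection ID in the alert is what ties a crash back to the general log or audit plugin records for the offending session, which is how you identify which account sent the statement and whether the same source is repeating it.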

🔗 References

  • MariaDB issue tracker: https://jira.mariadb.org/browse/MDEV-26047
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2022-27384