CVE-2022-27445

7.5 HIGH

📋 TL;DR

This vulnerability in MariaDB Server causes a segmentation fault via the sql/sql_window.cc component, which can lead to denial of service (DoS) by crashing the database server. It affects MariaDB Server versions 10.9 and below. Organizations running vulnerable MariaDB instances are at risk of service disruption.

💻 Affected Systems

Products:
  • MariaDB Server
Versions: 10.9 and below
Operating Systems: All operating systems running MariaDB
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable if using window functions. The vulnerability is triggered through specific SQL queries.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database server crash leading to extended service downtime and data unavailability until restart.

🟠 Likely Case: Denial of service through server crash requiring manual restart, causing temporary service disruption.

🟢 If Mitigated: Minimal impact with proper monitoring and automated restart mechanisms in place.

🌐 Internet-Facing: MEDIUM - Internet-facing databases could be targeted for DoS attacks, but exploitation requires specific conditions.
🏢 Internal Only: LOW - Internal databases have lower exposure, though accidental or malicious internal triggers could still cause disruption.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires database access to execute malicious SQL queries. No public exploit code has been confirmed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MariaDB 10.9.1 and later versions

Vendor Advisory: https://jira.mariadb.org/browse/MDEV-28081

Restart Required: Yes

Instructions:

1. Backup your database.
2. Upgrade MariaDB to version 10.9.1 or later.
3. Restart the MariaDB service.
4. Verify the upgrade was successful.

🔧 Temporary Workarounds

Restrict Window Function Usage

Applies to: all

Limit or monitor usage of window functions in SQL queries to reduce attack surface.

-- No direct commands; implement through application controls and database permissions

🧯 If You Can't Patch

  • Implement strict database access controls to limit who can execute complex queries.
  • Deploy monitoring and alerting for database crashes with automated restart capabilities.

🔍 How to Verify

Check if Vulnerable:

Check MariaDB version: if version is 10.9 or below, the system is vulnerable.

Check Version:

mysql --version | grep -i mariadb

Verify Fix Applied:

After patching, verify the MariaDB version is 10.9.1 or higher and test window function queries.
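As an added example (not part of this advisory), the following POSIX shell functions parse the version out of a `mysql --version` banner or a `SELECT VERSION()` result and compare it against the 10.9.1 patch version stated above; the function names and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the advisory: parse a MariaDB version string and
# compare it against the patch version stated above (10.9.1).

FIXED_VERSION="10.9.1"   # first fixed release as listed in this advisory

# Pull "X.Y.Z" out of a `mysql --version` banner or a `SELECT VERSION()` result.
# A leading space is prepended so the pattern also matches when the string
# starts with the version number itself. Prints nothing for non-MariaDB input.
mariadb_version_from_banner() {
    printf ' %s\n' "$1" |
        sed -n 's/.*[^0-9.]\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)-MariaDB.*/\1/p'
}

# Numeric, component-wise comparison of two dotted versions.
# Prints -1, 0 or 1 (missing components count as 0, so 10.9 equals 10.9.0).
version_cmp() {
    i=1
    while [ "$i" -le 3 ]; do
        a=$(printf '%s' "$1" | cut -d. -f"$i"); a=${a:-0}
        b=$(printf '%s' "$2" | cut -d. -f"$i"); b=${b:-0}
        if [ "$a" -lt "$b" ]; then printf '%s\n' -1; return 0; fi
        if [ "$a" -gt "$b" ]; then printf '%s\n' 1; return 0; fi
        i=$((i + 1))
    done
    printf '%s\n' 0
}

# Succeeds (exit 0) when the version is below the fixed release.
is_vulnerable_version() {
    [ "$(version_cmp "$1" "$FIXED_VERSION")" -eq -1 ]
}

# Classify a banner in one call; prints VULNERABLE or PATCHED with the version,
# or UNKNOWN when no MariaDB version can be extracted (e.g. a MySQL banner).
classify_banner() {
    v=$(mariadb_version_from_banner "$1")
    [ -n "$v" ] || { echo UNKNOWN; return 0; }
    if is_vulnerable_version "$v"; then echo "VULNERABLE ($v)"; else echo "PATCHED ($v)"; fi
}

# Constructed sample banners; on a real host use: classify_banner "$(mysql --version)"
classify_banner 'mysql  Ver 15.1 Distrib 10.6.7-MariaDB, for Linux (x86_64) using readline 5.1'
classify_banner '10.11.6-MariaDB-1:10.11.6+maria~ubu2204'
classify_banner 'mysql  Ver 8.0.32 for Linux on x86_64 (MySQL Community Server - GPL)'
```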

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in MariaDB logs
  • Unexpected database service crashes
  • Error messages referencing sql/sql_window.cc

Network Indicators:

  • Sudden loss of database connectivity
  • Increased failed connection attempts

SIEM Query:

source="mariadb.log" AND ("segmentation fault" OR "sql_window.cc")
