CVE-2020-13249
on github
Published
Severity
CVSS v3:
8.8 HIGH
CVSS v2:
6.8 MEDIUM
Description
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.
References
- https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945
- https://github.com/mariadb-corporation/mariadb-connector-c/compare/v3.1.7...v3.1.8
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00064.html
- https://lists.fedoraproject.org/archives/list/[email protected]/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html
- https://lists.fedoraproject.org/archives/list/[email protected]/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/
Configurations
| CPE23 | Version Start | Version End | Exact Version |
|---|---|---|---|
| cpe:2.3:a:mariadb:connector\/c:*:*:*:*:*:*:*:* | n/a | 3.1.8 | * |
| cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* | n/a | n/a | 15.1 |
| cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* | n/a | n/a | 31 |
| cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* | n/a | n/a | 32 |