{"id":"CVE-2022-24048","details":"MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.","aliases":["BIT-mariadb-2022-24048","BIT-mariadb-min-2022-24048","BIT-mysql-client-2022-24048"],"modified":"2026-03-20T04:16:59.859057Z","published":"2022-02-18T20:15:17.757Z","related":["ALSA-2022:5826","ALSA-2022:5948","ALSA-2022:6443","MGASA-2022-0070","SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","SUSE-SU-2022:0725-1","SUSE-SU-2022:0726-1","SUSE-SU-2022:0731-1","SUSE-SU-2022:0731-2","SUSE-SU-2022:0782-1","SUSE-SU-2022:2561-1","openSUSE-SU-2022:0731-1","openSUSE-SU-2024:11867-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220318-0004/"},{"type":"ADVISORY","url":"https://www.zerodayinitiative.com/advisories/ZDI-22-363/"},{"type":"FIX","url":"https://mariadb.com/kb/en/security/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"9664240c948a92c22ccda0e1f5a420eb776ddcb1"},{"fixed":"e2b50213cf12623da31c8b49be4d40772876223c"},{"introduced":"20ae591abd0bfe1bfaee546989ee163f4ef832b1"},{"fixed":"41a163ac5ccf4ac5394edc84e40b3f47acea6b08"},{"introduced":"c761b43451d54eeeecdf3c102906fcce88d4e9d9"},{"fixed":"c04a203a10e282e1f33fd04d8a1b7ff0b076bce5"},{"introduced":"7c7f9bef28aa566557da31402142f6dd8298ddd2"},{"fixed":"ad3ac55641f18172807b13423353f01377f76e6e"},{"introduced":"1a647b700f6b72dc97211510a5d0c647d5d3d911"},{"fixed":"4ffffd98a5ac89b78954aaa2197b40850ade4191"},{"introduced":"0"},{"fixed":"cb1316b8d213aded32aa2c1a98271eede179146d"}],"database_specific":{"versions":[{"introduced":"10.2.0"},{"fixed":"10.2.42"},{"introduced":"10.3.0"},{"fixed":"10.3.33"},{"introduced":"10.4.0"},{"fixed":"10.4.23"},{"introduced":"10.5.0"},{"fixed":"10.5.14"},{"introduced":"10.6.0"},{"fixed":"10.6.6"},{"introduced":"10.7.0"},{"fixed":"10.7.2"}]}}],"versions":["mariadb-10.0.25","mariadb-10.0.26","mariadb-10.0.27","mariadb-10.0.28","mariadb-10.0.29","mariadb-10.0.30","mariadb-10.0.31","mariadb-10.0.32","mariadb-10.0.33","mariadb-10.0.34","mariadb-10.0.35","mariadb-10.0.36","mariadb-10.0.37","mariadb-10.0.38","mariadb-10.1.14","mariadb-10.1.15","mariadb-10.1.16","mariadb-10.1.17","mariadb-10.1.18","mariadb-10.1.19","mariadb-10.1.20","mariadb-10.1.21","mariadb-10.1.22","mariadb-10.1.23","mariadb-10.1.24","mariadb-10.1.25","mariadb-10.1.26","mariadb-10.1.27","mariadb-10.1.28","mariadb-10.1.29","mariadb-10.1.30","mariadb-10.1.31","mariadb-10.1.32","mariadb-10.1.33","mariadb-10.1.34","mariadb-10.1.35","mariadb-10.1.36","mariadb-10.1.37","mariadb-10.1.38","mariadb-10.1.39","mariadb-10.1.40","mariadb-10.1.41","mariadb-10.1.42","mariadb-10.1.43","mariadb-10.1.44","mariadb-10.1.45","mariadb-10.1.46","mariadb-10.1.47","mariadb-10.2.0","mariadb-10.2.1","mariadb-10.2.10","mariadb-10.2.11","mariadb-10.2.12","mariadb-10.2.13","mariadb-10.2.14","mariadb-10.2.15","mariadb-10.2.16","mariadb-10.2.17","mariadb-10.2.18","mariadb-10.2.19","mariadb-10.2.2","mariadb-10.2.20","mariadb-10.2.21","mariadb-10.2.22","mariadb-10.2.23","mariadb-10.2.24","mariadb-10.2.25","mariadb-10.2.26","mariadb-10.2.27","mariadb-10.2.28","mariadb-10.2.29","mariadb-10.2.3","mariadb-10.2.30","mariadb-10.2.31","mariadb-10.2.32","mariadb-10.2.33","mariadb-10.2.34","mariadb-10.2.35","mariadb-10.2.36","mariadb-10.2.37","mariadb-10.2.38","mariadb-10.2.39","mariadb-10.2.4","mariadb-10.2.40","mariadb-10.2.41","mariadb-10.2.5","mariadb-10.2.6","mariadb-10.2.7","mariadb-10.2.8","mariadb-10.2.9","mariadb-5.5.49","mariadb-5.5.50","mariadb-5.5.51","mariadb-5.5.52","mariadb-5.5.53","mariadb-5.5.54","mariadb-5.5.55","mariadb-5.5.56","mariadb-5.5.57","mariadb-5.5.58","mariadb-5.5.59","mariadb-5.5.60","mariadb-5.5.61","mariadb-5.5.62","mariadb-5.5.63","mariadb-5.5.64","mariadb-5.5.65","mariadb-5.5.66","mariadb-5.5.67","mariadb-5.5.68","mariadb-galera-10.0.25","mariadb-galera-10.0.26","mariadb-galera-10.0.27","mariadb-galera-10.0.28","mariadb-galera-10.0.29","mariadb-galera-10.0.30","mariadb-galera-10.0.31","mariadb-galera-10.0.32","mariadb-galera-10.0.33","mariadb-galera-10.0.34","mariadb-galera-10.0.35","mariadb-galera-10.0.36","mariadb-galera-10.0.37","mariadb-galera-5.5.49","mariadb-galera-5.5.50","mariadb-galera-5.5.51","mariadb-galera-5.5.52","mariadb-galera-5.5.53","mariadb-galera-5.5.54","mariadb-galera-5.5.55","mariadb-galera-5.5.56","mariadb-galera-5.5.57","mariadb-galera-5.5.58","mariadb-galera-5.5.59","mariadb-galera-5.5.60","mariadb-galera-5.5.61","mariadb-galera-5.5.62","mysql-5.5.49","mysql-5.5.50","mysql-5.5.51","mysql-5.5.52","mysql-5.5.53","mysql-5.5.54","mysql-5.5.55","mysql-5.5.56","mysql-5.5.57","mysql-5.5.58","mysql-5.5.59","mysql-5.5.60","mysql-5.5.61","mysql-5.5.62"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24048.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}