{"id":"CVE-2022-27384","details":"An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.","aliases":["BIT-mariadb-2022-27384","BIT-mariadb-min-2022-27384","BIT-mysql-client-2022-27384"],"modified":"2026-02-19T01:58:07.782073Z","published":"2022-04-12T20:15:08.797Z","related":["ALSA-2022:5826","ALSA-2022:5948","ALSA-2022:6443","MGASA-2022-0215","SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","SUSE-SU-2022:2003-1","SUSE-SU-2022:2107-1","SUSE-SU-2022:2160-1","SUSE-SU-2022:2189-1","SUSE-SU-2022:2561-1"],"references":[{"type":"ADVISORY","url":"https://jira.mariadb.org/browse/MDEV-26047"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220519-0006/"},{"type":"REPORT","url":"https://jira.mariadb.org/browse/MDEV-26047"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html"},{"type":"EVIDENCE","url":"https://jira.mariadb.org/browse/MDEV-26047"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"0"},{"fixed":"99a433ed1cc2cebad93d6ece2b65691f2f49d3ea"},{"introduced":"0"},{"fixed":"b7ffccf49b5563d3078359bddf438c9d20674513"},{"introduced":"1a647b700f6b72dc97211510a5d0c647d5d3d911"},{"fixed":"b2187662bcba12b66667bc0531727453b3b8a666"},{"introduced":"20ae591abd0bfe1bfaee546989ee163f4ef832b1"},{"fixed":"a0d4f0f306c6e478a1f45727e8fd9c867f9672d9"},{"introduced":"7c7f9bef28aa566557da31402142f6dd8298ddd2"},{"fixed":"7970ac7fe87d1da34e3e212dccd57b112b94b3fe"},{"introduced":"9664240c948a92c22ccda0e1f5a420eb776ddcb1"},{"fixed":"0ba528fe56f6c637d9fbc9d177a62610038fd519"},{"introduced":"c761b43451d54eeeecdf3c102906fcce88d4e9d9"},{"fixed":"23ddc3518f999e003d54f7a069b63b73585588aa"}]}],"versions":["mariadb-10.2.38","mariadb-10.2.39","mariadb-10.2.40","mariadb-10.2.41","mariadb-10.2.42","mariadb-10.2.43","mariadb-10.3.29","mariadb-10.3.30","mariadb-10.3.31","mariadb-10.3.32","mariadb-10.3.33","mariadb-10.3.34","mariadb-10.3.35","mariadb-10.4.19","mariadb-10.4.20","mariadb-10.4.21","mariadb-10.4.22","mariadb-10.4.23","mariadb-10.4.24","mariadb-10.4.25","mariadb-10.5.10","mariadb-10.5.11","mariadb-10.5.12","mariadb-10.5.13","mariadb-10.5.14","mariadb-10.5.15","mariadb-10.5.16","mariadb-10.6.0","mariadb-10.6.1","mariadb-10.6.2","mariadb-10.6.3","mariadb-10.6.4","mariadb-10.6.5","mariadb-10.6.6","mariadb-10.6.7","mariadb-10.6.8","mariadb-10.7.1","mariadb-10.7.2","mariadb-10.7.3"],"database_specific":{"vanir_signatures":[{"deprecated":false,"digest":{"length":3842,"function_hash":"139410885805228531428960716111714496814"},"target":{"function":"st_select_lex::add_table_to_list","file":"sql/sql_parse.cc"},"source":"https://github.com/mariadb/server/commit/0ba528fe56f6c637d9fbc9d177a62610038fd519","signature_type":"Function","id":"CVE-2022-27384-261ea06f","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["109653293203522022930865857668421870622","29073102755632696090890904852202915678","319062535768988456620840697081414713359","80418953152597147384415640027788794032"]},"target":{"file":"sql/sql_parse.cc"},"source":"https://github.com/mariadb/server/commit/0ba528fe56f6c637d9fbc9d177a62610038fd519","signature_type":"Line","id":"CVE-2022-27384-7971ffe8","signature_version":"v1"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-27384.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}