{"id":"USN-4603-1","summary":"mariadb-10.1, mariadb-10.3 vulnerabilities","details":"It was discovered that MariaDB didn't properly validate the content of a packet\nreceived from a server. A remote attacker could use this vulnerability to sent\na specialy crafted file to cause a denial of service. (CVE-2020-13249)\n\nIt was discovered that MariaDB has other security issues. An attacker can cause\na hang or frequently repeatable crash (denial of service). (CVE-2020-15180,\nCVE-2020-2752, CVE-2020-2760, CVE-2020-2812, CVE-2020-2814)\n\nIn addition to security fixes, the updated packages contain bug fixes, new\nfeatures, and possibly incompatible changes.\n","modified":"2026-04-27T15:46:42.020972Z","published":"2020-10-27T16:57:58Z","related":["UBUNTU-CVE-2020-13249","UBUNTU-CVE-2020-15180","UBUNTU-CVE-2020-2752","UBUNTU-CVE-2020-2760","UBUNTU-CVE-2020-2812","UBUNTU-CVE-2020-2814"],"upstream":["CVE-2020-13249","CVE-2020-15180","CVE-2020-2752","CVE-2020-2760","CVE-2020-2812","CVE-2020-2814","UBUNTU-CVE-2020-13249","UBUNTU-CVE-2020-15180","UBUNTU-CVE-2020-2752","UBUNTU-CVE-2020-2760","UBUNTU-CVE-2020-2812","UBUNTU-CVE-2020-2814"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4603-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-2752"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-2760"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-2812"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-2814"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-13249"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-15180"}],"affected":[{"package":{"name":"mariadb-10.1","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/mariadb-10.1@1:10.1.47-0ubuntu0.18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:10.1.47-0ubuntu0.18.04.1"}]}],"versions":["10.1.25-1","1:10.1.29-6","1:10.1.34-0ubuntu0.18.04.1","1:10.1.38-0ubuntu0.18.04.1","1:10.1.38-0ubuntu0.18.04.2","1:10.1.40-0ubuntu0.18.04.1","1:10.1.41-0ubuntu0.18.04.1","1:10.1.43-0ubuntu0.18.04.1","1:10.1.44-0ubuntu0.18.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libmariadbclient-dev-compat","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"libmariadbclient18","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"libmariadbd18","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"mariadb-client","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"mariadb-client-10.1","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"mariadb-client-core-10.1","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"mariadb-common","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"mariadb-plugin-connect","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"mariadb-plugin-cracklib-password-check","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"mariadb-plugin-gssapi-client","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"mariadb-plugin-gssapi-server","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"mariadb-plugin-mroonga","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"mariadb-plugin-oqgraph","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"mariadb-plugin-spider","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"mariadb-plugin-tokudb","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"mariadb-server","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"mariadb-server-10.1","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"mariadb-server-core-10.1","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"mariadb-test","binary_version":"1:10.1.47-0ubuntu0.18.04.1"},{"binary_name":"mariadb-test-data","binary_version":"1:10.1.47-0ubuntu0.18.04.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4603-1.json","cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"id":"CVE-2020-2752","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-2760","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-2812","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-2814","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-13249","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-15180","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"mariadb-10.3","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/mariadb-10.3@1:10.3.25-0ubuntu0.20.04.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:10.3.25-0ubuntu0.20.04.1"}]}],"versions":["1:10.3.17-1","1:10.3.18-1","1:10.3.19-1","1:10.3.21-2","1:10.3.22-1","1:10.3.22-1ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libmariadb-dev-compat","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"libmariadb3","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"libmariadbd19","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-backup","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-client","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-client-10.3","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-client-core-10.3","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-common","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-plugin-connect","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-plugin-cracklib-password-check","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-plugin-gssapi-client","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-plugin-gssapi-server","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-plugin-mroonga","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-plugin-oqgraph","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-plugin-rocksdb","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-plugin-spider","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-plugin-tokudb","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-server","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-server-10.3","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-server-core-10.3","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-test","binary_version":"1:10.3.25-0ubuntu0.20.04.1"},{"binary_name":"mariadb-test-data","binary_version":"1:10.3.25-0ubuntu0.20.04.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4603-1.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"id":"CVE-2020-2752","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-2760","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-2812","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-2814","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-13249","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-15180","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}}],"schema_version":"1.7.5"}