CVE-2020-13249

Description

libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.

Risk Information

Base Score: 8.8 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.702

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2020-13249 are fixed in MariaDB Connector/C 3.1.8 | Windows
Vulnerabilities CVE-2020-2752,CVE-2020-13249 are fixed in MariaDB MariaDB Connector/C 3.1.8 | Windows
Vulnerabilities CVE-2020-2814,CVE-2020-2812,CVE-2020-2752,CVE-2020-2760,CVE-2020-13249 are fixed in MariaDB MariaDB 10.3.23 | Windows
Vulnerabilities CVE-2020-2814,CVE-2020-2812,CVE-2020-2752,CVE-2020-2760,CVE-2020-13249 are fixed in MariaDB MariaDB 10.2.32 | Windows
Vulnerabilities CVE-2020-2814,CVE-2020-2812,CVE-2020-2752,CVE-2020-2760,CVE-2020-13249 are fixed in MariaDB MariaDB 10.4.13 | Windows
Vulnerabilities CVE-2020-2814,CVE-2020-2812,CVE-2020-2760,CVE-2020-2752,CVE-2020-13249 are fixed in MariaDB MariaDB 10.5.4 | Windows
SUSE-SU-2020:1431-1(SUSE Linux Enterprise Server 12-SP5 ) libmariadb3-3.1.8-2.15.1.x86_64.rpm | Linux
SUSE-SU-2020:1431-1(SUSE Linux Enterprise Server 12-SP5 ) libmariadb3-debuginfo-3.1.8-2.15.1.x86_64.rpm | Linux
SUSE-SU-2020:1431-1(SUSE Linux Enterprise Server 12-SP5 ) libmariadb_plugins-3.1.8-2.15.1.x86_64.rpm | Linux
SUSE-SU-2020:1431-1(SUSE Linux Enterprise Server 12-SP5 ) libmariadb_plugins-debuginfo-3.1.8-2.15.1.x86_64.rpm | Linux
SUSE-SU-2020:1431-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-connector-c-debugsource-3.1.8-2.15.1.x86_64.rpm | Linux
SUSE-SU-2020:1431-1(SUSE Linux Enterprise Server 12-SP4 ) libmariadb3-3.1.8-2.15.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1431-1(SUSE Linux Enterprise Server 12-SP4 ) libmariadb3-debuginfo-3.1.8-2.15.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1431-1(SUSE Linux Enterprise Server 12-SP4 ) libmariadb_plugins-3.1.8-2.15.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1431-1(SUSE Linux Enterprise Server 12-SP4 ) libmariadb_plugins-debuginfo-3.1.8-2.15.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1431-1(SUSE Linux Enterprise Server 12-SP4 ) mariadb-connector-c-debugsource-3.1.8-2.15.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1710-1(SUSE Linux Enterprise Server 12-SP4 ) mariadb-10.2.32-3.28.2.x86_64.rpm | Linux
SUSE-SU-2020:1710-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-10.2.32-3.28.2.x86_64_SP5.rpm | Linux
SUSE-SU-2020:1710-1(SUSE Linux Enterprise Server 12-SP4 ) mariadb-client-10.2.32-3.28.2.x86_64.rpm | Linux
SUSE-SU-2020:1710-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-client-10.2.32-3.28.2.x86_64_SP5.rpm | Linux
SUSE-SU-2020:1710-1(SUSE Linux Enterprise Server 12-SP4 ) mariadb-client-debuginfo-10.2.32-3.28.2.x86_64.rpm | Linux
SUSE-SU-2020:1710-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-client-debuginfo-10.2.32-3.28.2.x86_64_SP5.rpm | Linux
SUSE-SU-2020:1710-1(SUSE Linux Enterprise Server 12-SP4 ) mariadb-debuginfo-10.2.32-3.28.2.x86_64.rpm | Linux
SUSE-SU-2020:1710-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-debuginfo-10.2.32-3.28.2.x86_64_SP5.rpm | Linux
SUSE-SU-2020:1710-1(SUSE Linux Enterprise Server 12-SP4 ) mariadb-debugsource-10.2.32-3.28.2.x86_64.rpm | Linux
SUSE-SU-2020:1710-1(SUSE Linux Enterprise Server 12-SP4 ) mariadb-errormessages-10.2.32-3.28.2.noarch.rpm | Linux
SUSE-SU-2020:1710-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-debugsource-10.2.32-3.28.2.x86_64_SP5.rpm | Linux
SUSE-SU-2020:1710-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-errormessages-10.2.32-3.28.2.noarch_SP5.rpm | Linux
SUSE-SU-2020:1710-1(SUSE Linux Enterprise Server 12-SP4 ) mariadb-tools-10.2.32-3.28.2.x86_64.rpm | Linux
SUSE-SU-2020:1710-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-tools-10.2.32-3.28.2.x86_64_SP5.rpm | Linux
SUSE-SU-2020:1710-1(SUSE Linux Enterprise Server 12-SP4 ) mariadb-tools-debuginfo-10.2.32-3.28.2.x86_64.rpm | Linux
SUSE-SU-2020:1710-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-tools-debuginfo-10.2.32-3.28.2.x86_64_SP5.rpm | Linux
MariaDB database (USN-4603-1) mariadb-server_10.1.47-0ubuntu0.18.04.1_all.deb | Linux
MariaDB database (USN-4603-1) mariadb-server_10.3.25-0ubuntu0.20.04.1_all.deb | Linux
Vulnerabilities CVE-2020-13249 are fixed in MariaDB Connector/C 3.1.8 (For Linux) | Linux
Vulnerabilities CVE-2020-2752,CVE-2020-13249 are fixed in MariaDB MariaDB Connector/C 3.1.8 (For Linux) | Linux
Vulnerabilities CVE-2020-2814,CVE-2020-2812,CVE-2020-2752,CVE-2020-2760,CVE-2020-13249 are fixed in MariaDB MariaDB 10.3.23 (For Linux) | Linux
Vulnerabilities CVE-2020-2814,CVE-2020-2812,CVE-2020-2752,CVE-2020-2760,CVE-2020-13249 are fixed in MariaDB MariaDB 10.2.32 (For Linux) | Linux
Vulnerabilities CVE-2020-2814,CVE-2020-2812,CVE-2020-2752,CVE-2020-2760,CVE-2020-13249 are fixed in MariaDB MariaDB 10.4.13 (For Linux) | Linux
Vulnerabilities CVE-2020-2814,CVE-2020-2812,CVE-2020-2760,CVE-2020-2752,CVE-2020-13249 are fixed in MariaDB MariaDB 10.5.4 (For Linux) | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update galera-25.3.31-1.module+el8.3.0+8843+3f4e42f6.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update galera-debugsource-25.3.31-1.module+el8.3.0+8843+3f4e42f6.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-backup-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-common-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-debugsource-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-devel-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-embedded-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-embedded-devel-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-errmsg-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-gssapi-server-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-oqgraph-engine-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-server-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-server-galera-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-server-utils-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-test-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5503) mariadb-connector-c security, bug fix, and enhancement update mariadb-connector-c-3.1.11-2.el8_3.i686.rpm | Linux
(RHSA-2020:5503) mariadb-connector-c security, bug fix, and enhancement update mariadb-connector-c-3.1.11-2.el8_3.x86_64.rpm | Linux
(RHSA-2020:5503) mariadb-connector-c security, bug fix, and enhancement update mariadb-connector-c-config-3.1.11-2.el8_3.noarch.rpm | Linux
(RHSA-2020:5503) mariadb-connector-c security, bug fix, and enhancement update mariadb-connector-c-debugsource-3.1.11-2.el8_3.i686.rpm | Linux
(RHSA-2020:5503) mariadb-connector-c security, bug fix, and enhancement update mariadb-connector-c-debugsource-3.1.11-2.el8_3.x86_64.rpm | Linux
(RHSA-2020:5503) mariadb-connector-c security, bug fix, and enhancement update mariadb-connector-c-devel-3.1.11-2.el8_3.i686.rpm | Linux
(RHSA-2020:5503) mariadb-connector-c security, bug fix, and enhancement update mariadb-connector-c-devel-3.1.11-2.el8_3.x86_64.rpm | Linux
(RHSA-2020:5503) Moderate: security, bug fix, and enhancement update mariadb-connector-c-debuginfo-3.1.11-2.el8_3.i686.rpm | Linux
(RHSA-2020:5503) Moderate: security, bug fix, and enhancement update mariadb-connector-c-debuginfo-3.1.11-2.el8_3.x86_64.rpm | Linux
(RHSA-2020:5503) Moderate: security, bug fix, and enhancement update mariadb-connector-c-devel-debuginfo-3.1.11-2.el8_3.i686.rpm | Linux
(RHSA-2020:5503) Moderate: security, bug fix, and enhancement update mariadb-connector-c-devel-debuginfo-3.1.11-2.el8_3.x86_64.rpm | Linux
mariadb-connector-c security, bug fix, and enhancement update (RLSA-2020:5503) mariadb-connector-c-3.1.11-2.el8_3.i686.rpm | Linux
mariadb-connector-c security, bug fix, and enhancement update (RLSA-2020:5503) mariadb-connector-c-3.1.11-2.el8_3.x86_64.rpm | Linux
mariadb-connector-c security, bug fix, and enhancement update (RLSA-2020:5503) mariadb-connector-c-devel-3.1.11-2.el8_3.i686.rpm | Linux
mariadb-connector-c security, bug fix, and enhancement update (RLSA-2020:5503) mariadb-connector-c-devel-3.1.11-2.el8_3.x86_64.rpm | Linux
mariadb-connector-c security, bug fix, and enhancement update (RLSA-2020:5503) mariadb-connector-c-config-3.1.11-2.el8_3.noarch.rpm | Linux
Mariadb-connector-c update (ELSA-2020-5503-1) mariadb-connector-c-3.1.11-2.el8_3.i686.rpm | Linux
Mariadb-connector-c update (ELSA-2020-5503-1) mariadb-connector-c-3.1.11-2.el8_3.x86_64.rpm | Linux
Mariadb-connector-c-config update (ELSA-2020-5503-1) mariadb-connector-c-config-3.1.11-2.el8_3.noarch.rpm | Linux
Mariadb-connector-c-devel update (ELSA-2020-5503-1) mariadb-connector-c-devel-3.1.11-2.el8_3.i686.rpm | Linux
Mariadb-connector-c-devel update (ELSA-2020-5503-1) mariadb-connector-c-devel-3.1.11-2.el8_3.x86_64.rpm | Linux
Moderate: mariadb-connector-c security, bug fix, and enhancement update mariadb-connector-c-3.1.11-2.el8_3.i686.rpm | Linux
Moderate: mariadb-connector-c security, bug fix, and enhancement update mariadb-connector-c-3.1.11-2.el8_3.x86_64.rpm | Linux
Moderate: mariadb-connector-c security, bug fix, and enhancement update mariadb-connector-c-config-3.1.11-2.el8_3.noarch.rpm | Linux
Moderate: mariadb-connector-c security, bug fix, and enhancement update mariadb-connector-c-devel-3.1.11-2.el8_3.i686.rpm | Linux
Moderate: mariadb-connector-c security, bug fix, and enhancement update mariadb-connector-c-devel-3.1.11-2.el8_3.x86_64.rpm | Linux

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234