CVE-2021-27928
Description
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.
Risk Information
Base Score
7.2
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
47.179
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-27928 are fixed in MariaDB MariaDB 10.5.9 | Windows |
| Vulnerabilities CVE-2021-27928 are fixed in MariaDB MariaDB 10.4.18 | Windows |
| Vulnerabilities CVE-2021-27928 are fixed in MariaDB MariaDB 10.3.28 | Windows |
| Vulnerabilities CVE-2021-27928 are fixed in MariaDB MariaDB 10.2.37 | Windows |
| (RHSA-2021:1242) mariadb:10.3 and mariadb-devel:10.3 security update galera-25.3.32-1.module+el8.3.0+10472+7adc332a.x86_64.rpm | Linux |
| (RHSA-2021:1242) mariadb:10.3 and mariadb-devel:10.3 security update galera-debugsource-25.3.32-1.module+el8.3.0+10472+7adc332a.x86_64.rpm | Linux |
| (RHSA-2021:1242) mariadb:10.3 and mariadb-devel:10.3 security update mariadb-10.3.28-1.module+el8.3.0+10472+7adc332a.x86_64.rpm | Linux |
| (RHSA-2021:1242) mariadb:10.3 and mariadb-devel:10.3 security update mariadb-backup-10.3.28-1.module+el8.3.0+10472+7adc332a.x86_64.rpm | Linux |
| (RHSA-2021:1242) mariadb:10.3 and mariadb-devel:10.3 security update mariadb-common-10.3.28-1.module+el8.3.0+10472+7adc332a.x86_64.rpm | Linux |
| (RHSA-2021:1242) mariadb:10.3 and mariadb-devel:10.3 security update mariadb-debugsource-10.3.28-1.module+el8.3.0+10472+7adc332a.x86_64.rpm | Linux |
| (RHSA-2021:1242) mariadb:10.3 and mariadb-devel:10.3 security update mariadb-devel-10.3.28-1.module+el8.3.0+10472+7adc332a.x86_64.rpm | Linux |
| (RHSA-2021:1242) mariadb:10.3 and mariadb-devel:10.3 security update mariadb-embedded-10.3.28-1.module+el8.3.0+10472+7adc332a.x86_64.rpm | Linux |
| (RHSA-2021:1242) mariadb:10.3 and mariadb-devel:10.3 security update mariadb-embedded-devel-10.3.28-1.module+el8.3.0+10472+7adc332a.x86_64.rpm | Linux |
| (RHSA-2021:1242) mariadb:10.3 and mariadb-devel:10.3 security update mariadb-errmsg-10.3.28-1.module+el8.3.0+10472+7adc332a.x86_64.rpm | Linux |
| (RHSA-2021:1242) mariadb:10.3 and mariadb-devel:10.3 security update mariadb-gssapi-server-10.3.28-1.module+el8.3.0+10472+7adc332a.x86_64.rpm | Linux |
| (RHSA-2021:1242) mariadb:10.3 and mariadb-devel:10.3 security update mariadb-oqgraph-engine-10.3.28-1.module+el8.3.0+10472+7adc332a.x86_64.rpm | Linux |
| (RHSA-2021:1242) mariadb:10.3 and mariadb-devel:10.3 security update mariadb-server-10.3.28-1.module+el8.3.0+10472+7adc332a.x86_64.rpm | Linux |
| (RHSA-2021:1242) mariadb:10.3 and mariadb-devel:10.3 security update mariadb-server-galera-10.3.28-1.module+el8.3.0+10472+7adc332a.x86_64.rpm | Linux |
| (RHSA-2021:1242) mariadb:10.3 and mariadb-devel:10.3 security update mariadb-server-utils-10.3.28-1.module+el8.3.0+10472+7adc332a.x86_64.rpm | Linux |
| (RHSA-2021:1242) mariadb:10.3 and mariadb-devel:10.3 security update mariadb-test-10.3.28-1.module+el8.3.0+10472+7adc332a.x86_64.rpm | Linux |
| SUSE-SU-2021:2634-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-10.2.39-3.36.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2634-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-client-10.2.39-3.36.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2634-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-client-debuginfo-10.2.39-3.36.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2634-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-debuginfo-10.2.39-3.36.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2634-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-debugsource-10.2.39-3.36.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2634-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-errormessages-10.2.39-3.36.1.noarch.rpm | Linux |
| SUSE-SU-2021:2634-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-tools-10.2.39-3.36.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2634-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-tools-debuginfo-10.2.39-3.36.1.x86_64.rpm | Linux |
| Vulnerabilities CVE-2021-27928 are fixed in MariaDB MariaDB 10.5.9 (For Linux) | Linux |
| Vulnerabilities CVE-2021-27928 are fixed in MariaDB MariaDB 10.4.18 (For Linux) | Linux |
| Vulnerabilities CVE-2021-27928 are fixed in MariaDB MariaDB 10.3.28 (For Linux) | Linux |
| Vulnerabilities CVE-2021-27928 are fixed in MariaDB MariaDB 10.2.37 (For Linux) | Linux |
| mariadb:10.3 and mariadb-devel:10.3 security update (RLSA-2021:1242) Judy-1.0.5-18.module+el8.4.0+427+adf35707.i686.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234