CVE-2020-13249 Affecting mariadb-gssapi-server package, versions <3:10.3.27-3.module+el8.3.0+7885+7a81225f


0.0
high
  • Attack Complexity: Low
  • User Interaction: Required
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • snyk-id: SNYK-ORACLE8-MARIADBGSSAPISERVER-2573124
  • published: 10 Apr 2022
  • disclosed: 20 May 2020

How to fix?

Upgrade Oracle:8 mariadb-gssapi-server to version 3:10.3.27-3.module+el8.3.0+7885+7a81225f or higher.
This issue was patched in ELSA-2020-5500.

NVD Description

Note: Versions mentioned in the description apply to the upstream mariadb-gssapi-server package. See How to fix? for Oracle:8 relevant versions.

libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.