1201167 – (CVE-2022-32087) VUL-0: CVE-2022-32087: mariadb: segmentation fault via the component Item_args:walk_args

Bug 1201167 (CVE-2022-32087) - VUL-0: CVE-2022-32087: mariadb: segmentation fault via the component Item_args:walk_args

Summary: VUL-0: CVE-2022-32087: mariadb: segmentation fault via the component Item_arg...

Status:	RESOLVED FIXED

Alias:	CVE-2022-32087

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/336157/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-32087:4.4:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2022-07-04 12:04 UTC by Alexander Bergmann
Modified:	2024-04-19 11:29 UTC (History)
CC List:	7 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2022-07-04 12:04:36 UTC

CVE-2022-32087

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the
component Item_args::walk_args.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32087
https://jira.mariadb.org/browse/MDEV-26437

Comment 1 Kristyna Streitova 2022-08-10 15:37:24 UTC

Fix Version/s:
10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4

We've already updated MariaDB to these versions in respective codestreams but this CVE hasn't been mentioned in changes because we updated it in May but the CVE number was assigned in July. We can mention it in the changelog during the next update.

Comment 4 Swamp Workflow Management 2022-09-07 16:33:59 UTC

SUSE-SU-2022:3159-1: An update that solves 10 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1200105,1201161,1201162,1201163,1201164,1201165,1201166,1201167,1201168,1201169,1201170
CVE References: CVE-2022-32081,CVE-2022-32082,CVE-2022-32083,CVE-2022-32084,CVE-2022-32085,CVE-2022-32086,CVE-2022-32087,CVE-2022-32088,CVE-2022-32089,CVE-2022-32091
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    mariadb-10.6.9-150400.3.12.1
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    mariadb-10.6.9-150400.3.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 5 Swamp Workflow Management 2022-09-09 10:20:55 UTC

SUSE-SU-2022:3225-1: An update that solves 10 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1197459,1200105,1201161,1201163,1201164,1201165,1201166,1201167,1201168,1201169,1201170
CVE References: CVE-2018-25032,CVE-2022-32081,CVE-2022-32083,CVE-2022-32084,CVE-2022-32085,CVE-2022-32086,CVE-2022-32087,CVE-2022-32088,CVE-2022-32089,CVE-2022-32091
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    mariadb-10.4.26-150200.3.31.1
SUSE Manager Retail Branch Server 4.1 (src):    mariadb-10.4.26-150200.3.31.1
SUSE Manager Proxy 4.1 (src):    mariadb-10.4.26-150200.3.31.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    mariadb-10.4.26-150200.3.31.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    mariadb-10.4.26-150200.3.31.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    mariadb-10.4.26-150200.3.31.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    mariadb-10.4.26-150200.3.31.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    mariadb-10.4.26-150200.3.31.1
SUSE Enterprise Storage 7 (src):    mariadb-10.4.26-150200.3.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 8 Swamp Workflow Management 2022-09-26 16:25:08 UTC

SUSE-SU-2022:3391-1: An update that solves 11 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1200105,1201161,1201162,1201163,1201164,1201165,1201166,1201167,1201168,1201169,1201170,1202863
CVE References: CVE-2022-32081,CVE-2022-32082,CVE-2022-32083,CVE-2022-32084,CVE-2022-32085,CVE-2022-32086,CVE-2022-32087,CVE-2022-32088,CVE-2022-32089,CVE-2022-32091,CVE-2022-38791
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    mariadb-10.5.17-150300.3.21.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    mariadb-10.5.17-150300.3.21.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    mariadb-10.5.17-150300.3.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 9 Thomas Leroy 2022-10-10 08:18:38 UTC

v10.2 is flagged as affected but no update has been provided for this version.
Is EOL upstream or maybe actually not affected?

Comment 16 Maintenance Automation 2023-10-04 08:33:17 UTC

SUSE-RU-2023:3956-1: An update that solves 221 vulnerabilities and contains three features can now be installed.

Category: recommended (moderate)
Bug References: 1001367, 1005555, 1005558, 1005562, 1005564, 1005566, 1005569, 1005581, 1005582, 1006539, 1008253, 1012075, 1013882, 1019948, 1020873, 1020875, 1020877, 1020878, 1020882, 1020884, 1020885, 1020890, 1020891, 1020894, 1020896, 1020976, 1022428, 1038740, 1039034, 1041525, 1041891, 1042632, 1043328, 1047218, 1055165, 1055268, 1058374, 1058729, 1060110, 1062583, 1067443, 1068906, 1069401, 1080891, 1083087, 1088681, 1092544, 1098683, 1101676, 1101677, 1101678, 1103342, 1111858, 1111859, 1112368, 1112377, 1112384, 1112386, 1112391, 1112397, 1112404, 1112415, 1112417, 1112421, 1112432, 1112767, 1116686, 1118754, 1120041, 1122198, 1122475, 1127027, 1132666, 1136035, 1142909, 1143215, 1144314, 1156669, 1160285, 1160868, 1160878, 1160883, 1160895, 1160912, 1166781, 1168380, 1170204, 1173028, 1173516, 1174559, 1175596, 1177472, 1178428, 1180014, 1182218, 1182255, 1182739, 1183770, 1185870, 1185872, 1186031, 1189320, 1192497, 1195325, 1195334, 1195339, 1196016, 1197459, 1198603, 1198604, 1198605, 1198606, 1198607, 1198609, 1198610, 1198611, 1198612, 1198613, 1198628, 1198629, 1198630, 1198631, 1198632, 1198633, 1198634, 1198635, 1198636, 1198637, 1198638, 1198639, 1198640, 1199928, 1200105, 1201161, 1201163, 1201164, 1201165, 1201166, 1201167, 1201168, 1201169, 1201170, 1202863, 332530, 353120, 357634, 359522, 366820, 371000, 387746, 420313, 425079, 427384, 429618, 435519, 437293, 463586, 520876, 525065, 525325, 539243, 539249, 557669, 635645, 747811, 763150, 779476, 789263, 792444, 796164, 829430, 841709, 859345, 889126, 894479, 902396, 914370, 921955, 934789, 937754, 937767, 937787, 942908, 943096, 957174, 963810, 971456, 979524, 983938, 984858, 986251, 989913, 989919, 989922, 989926, 990890, 998309
CVE References: CVE-2006-0903, CVE-2006-4226, CVE-2006-4227, CVE-2007-5969, CVE-2007-5970, CVE-2007-6303, CVE-2007-6304, CVE-2008-2079, CVE-2008-7247, CVE-2009-4019, CVE-2009-4028, CVE-2009-4030, CVE-2012-4414, CVE-2012-5611, CVE-2012-5612, CVE-2012-5615, CVE-2012-5627, CVE-2013-1976, CVE-2015-4792, CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4895, CVE-2015-4913, CVE-2015-5969, CVE-2015-7744, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0616, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0644, CVE-2016-0646, CVE-2016-0649, CVE-2016-0650, CVE-2016-0651, CVE-2016-0668, CVE-2016-2047, CVE-2016-3477, CVE-2016-3492, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5584, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-6662, CVE-2016-6663, CVE-2016-6664, CVE-2016-7440, CVE-2016-8283, CVE-2016-9843, CVE-2017-10268, CVE-2017-10286, CVE-2017-10320, CVE-2017-10365, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384, CVE-2017-15365, CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3257, CVE-2017-3258, CVE-2017-3265, CVE-2017-3291, CVE-2017-3302, CVE-2017-3308, CVE-2017-3309, CVE-2017-3312, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464, CVE-2017-3636, CVE-2017-3641, CVE-2017-3653, CVE-2018-25032, CVE-2018-2562, CVE-2018-2612, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, CVE-2018-2755, CVE-2018-2759, CVE-2018-2761, CVE-2018-2766, CVE-2018-2767, CVE-2018-2771, CVE-2018-2777, CVE-2018-2781, CVE-2018-2782, CVE-2018-2784, CVE-2018-2786, CVE-2018-2787, CVE-2018-2810, CVE-2018-2813, CVE-2018-2817, CVE-2018-2819, CVE-2018-3058, CVE-2018-3060, CVE-2018-3063, CVE-2018-3064, CVE-2018-3066, CVE-2018-3143, CVE-2018-3156, CVE-2018-3162, CVE-2018-3173, CVE-2018-3174, CVE-2018-3185, CVE-2018-3200, CVE-2018-3251, CVE-2018-3277, CVE-2018-3282, CVE-2018-3284, CVE-2019-18901, CVE-2019-2510, CVE-2019-2537, CVE-2019-2614, CVE-2019-2627, CVE-2019-2628, CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2758, CVE-2019-2805, CVE-2019-2938, CVE-2019-2974, CVE-2020-13249, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789, CVE-2020-14812, CVE-2020-15180, CVE-2020-2574, CVE-2020-2752, CVE-2020-2760, CVE-2020-2812, CVE-2020-2814, CVE-2020-7221, CVE-2021-2154, CVE-2021-2166, CVE-2021-2372, CVE-2021-2389, CVE-2021-27928, CVE-2021-35604, CVE-2021-46657, CVE-2021-46658, CVE-2021-46659, CVE-2021-46661, CVE-2021-46663, CVE-2021-46664, CVE-2021-46665, CVE-2021-46668, CVE-2021-46669, CVE-2022-21427, CVE-2022-21595, CVE-2022-24048, CVE-2022-24050, CVE-2022-24051, CVE-2022-24052, CVE-2022-27376, CVE-2022-27377, CVE-2022-27378, CVE-2022-27379, CVE-2022-27380, CVE-2022-27381, CVE-2022-27382, CVE-2022-27383, CVE-2022-27384, CVE-2022-27386, CVE-2022-27387, CVE-2022-27444, CVE-2022-27445, CVE-2022-27446, CVE-2022-27447, CVE-2022-27448, CVE-2022-27449, CVE-2022-27451, CVE-2022-27452, CVE-2022-27455, CVE-2022-27456, CVE-2022-27457, CVE-2022-27458, CVE-2022-32081, CVE-2022-32083, CVE-2022-32084, CVE-2022-32085, CVE-2022-32086, CVE-2022-32087, CVE-2022-32088, CVE-2022-32089, CVE-2022-32091, CVE-2022-38791, CVE-2022-47015
Jira References: PED-2455, SLE-12253, SLE-8269
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): mariadb104-10.4.30-150100.3.5.10, python-mysqlclient-1.4.6-150100.3.3.7
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): mariadb104-10.4.30-150100.3.5.10, python-mysqlclient-1.4.6-150100.3.3.7
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): mariadb104-10.4.30-150100.3.5.10, python-mysqlclient-1.4.6-150100.3.3.7
SUSE CaaS Platform 4.0 (src): mariadb104-10.4.30-150100.3.5.10, python-mysqlclient-1.4.6-150100.3.3.7

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Maintenance Automation 2023-12-29 12:30:24 UTC

SUSE-RU-2023:4991-1: An update that solves 221 vulnerabilities and contains three features can now be installed.

Category: recommended (moderate)
Bug References: 1001367, 1005555, 1005558, 1005562, 1005564, 1005566, 1005569, 1005581, 1005582, 1006539, 1008253, 1012075, 1013882, 1019948, 1020873, 1020875, 1020877, 1020878, 1020882, 1020884, 1020885, 1020890, 1020891, 1020894, 1020896, 1020976, 1022428, 1038740, 1039034, 1041525, 1041891, 1042632, 1043328, 1047218, 1055165, 1055268, 1058374, 1058729, 1060110, 1062583, 1067443, 1068906, 1069401, 1080891, 1083087, 1088681, 1092544, 1098683, 1101676, 1101677, 1101678, 1103342, 1111858, 1111859, 1112368, 1112377, 1112384, 1112386, 1112391, 1112397, 1112404, 1112415, 1112417, 1112421, 1112432, 1112767, 1116686, 1118754, 1120041, 1122198, 1122475, 1127027, 1132666, 1136035, 1142909, 1143215, 1144314, 1156669, 1160285, 1160868, 1160878, 1160883, 1160895, 1160912, 1166781, 1168380, 1170204, 1173028, 1173516, 1174559, 1175596, 1177472, 1178428, 1180014, 1182218, 1182255, 1182739, 1183770, 1185870, 1185872, 1186031, 1189320, 1192497, 1195325, 1195334, 1195339, 1196016, 1197459, 1198603, 1198604, 1198605, 1198606, 1198607, 1198609, 1198610, 1198611, 1198612, 1198613, 1198628, 1198629, 1198630, 1198631, 1198632, 1198633, 1198634, 1198635, 1198636, 1198637, 1198638, 1198639, 1198640, 1199928, 1200105, 1201161, 1201163, 1201164, 1201165, 1201166, 1201167, 1201168, 1201169, 1201170, 1202863, 332530, 353120, 357634, 359522, 366820, 371000, 387746, 420313, 425079, 427384, 429618, 435519, 437293, 463586, 520876, 525065, 525325, 539243, 539249, 557669, 635645, 747811, 763150, 779476, 789263, 792444, 796164, 829430, 841709, 859345, 889126, 894479, 902396, 914370, 921955, 934789, 937754, 937767, 937787, 942908, 943096, 957174, 963810, 971456, 979524, 983938, 984858, 986251, 989913, 989919, 989922, 989926, 990890, 998309
CVE References: CVE-2006-0903, CVE-2006-4226, CVE-2006-4227, CVE-2007-5969, CVE-2007-5970, CVE-2007-6303, CVE-2007-6304, CVE-2008-2079, CVE-2008-7247, CVE-2009-4019, CVE-2009-4028, CVE-2009-4030, CVE-2012-4414, CVE-2012-5611, CVE-2012-5612, CVE-2012-5615, CVE-2012-5627, CVE-2013-1976, CVE-2015-4792, CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4895, CVE-2015-4913, CVE-2015-5969, CVE-2015-7744, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0616, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0644, CVE-2016-0646, CVE-2016-0649, CVE-2016-0650, CVE-2016-0651, CVE-2016-0668, CVE-2016-2047, CVE-2016-3477, CVE-2016-3492, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5584, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-6662, CVE-2016-6663, CVE-2016-6664, CVE-2016-7440, CVE-2016-8283, CVE-2016-9843, CVE-2017-10268, CVE-2017-10286, CVE-2017-10320, CVE-2017-10365, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384, CVE-2017-15365, CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3257, CVE-2017-3258, CVE-2017-3265, CVE-2017-3291, CVE-2017-3302, CVE-2017-3308, CVE-2017-3309, CVE-2017-3312, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464, CVE-2017-3636, CVE-2017-3641, CVE-2017-3653, CVE-2018-25032, CVE-2018-2562, CVE-2018-2612, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, CVE-2018-2755, CVE-2018-2759, CVE-2018-2761, CVE-2018-2766, CVE-2018-2767, CVE-2018-2771, CVE-2018-2777, CVE-2018-2781, CVE-2018-2782, CVE-2018-2784, CVE-2018-2786, CVE-2018-2787, CVE-2018-2810, CVE-2018-2813, CVE-2018-2817, CVE-2018-2819, CVE-2018-3058, CVE-2018-3060, CVE-2018-3063, CVE-2018-3064, CVE-2018-3066, CVE-2018-3143, CVE-2018-3156, CVE-2018-3162, CVE-2018-3173, CVE-2018-3174, CVE-2018-3185, CVE-2018-3200, CVE-2018-3251, CVE-2018-3277, CVE-2018-3282, CVE-2018-3284, CVE-2019-18901, CVE-2019-2510, CVE-2019-2537, CVE-2019-2614, CVE-2019-2627, CVE-2019-2628, CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2758, CVE-2019-2805, CVE-2019-2938, CVE-2019-2974, CVE-2020-13249, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789, CVE-2020-14812, CVE-2020-15180, CVE-2020-2574, CVE-2020-2752, CVE-2020-2760, CVE-2020-2812, CVE-2020-2814, CVE-2020-7221, CVE-2021-2154, CVE-2021-2166, CVE-2021-2372, CVE-2021-2389, CVE-2021-27928, CVE-2021-35604, CVE-2021-46657, CVE-2021-46658, CVE-2021-46659, CVE-2021-46661, CVE-2021-46663, CVE-2021-46664, CVE-2021-46665, CVE-2021-46668, CVE-2021-46669, CVE-2022-21427, CVE-2022-21595, CVE-2022-24048, CVE-2022-24050, CVE-2022-24051, CVE-2022-24052, CVE-2022-27376, CVE-2022-27377, CVE-2022-27378, CVE-2022-27379, CVE-2022-27380, CVE-2022-27381, CVE-2022-27382, CVE-2022-27383, CVE-2022-27384, CVE-2022-27386, CVE-2022-27387, CVE-2022-27444, CVE-2022-27445, CVE-2022-27446, CVE-2022-27447, CVE-2022-27448, CVE-2022-27449, CVE-2022-27451, CVE-2022-27452, CVE-2022-27455, CVE-2022-27456, CVE-2022-27457, CVE-2022-27458, CVE-2022-32081, CVE-2022-32083, CVE-2022-32084, CVE-2022-32085, CVE-2022-32086, CVE-2022-32087, CVE-2022-32088, CVE-2022-32089, CVE-2022-32091, CVE-2022-38791, CVE-2022-47015
Jira References: PED-2455, SLE-12253, SLE-8269
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): mariadb-connector-c-3.1.22-2.35.1, lz4-1.8.0-3.5.2, python-mysqlclient-1.3.14-8.9.2, mariadb104-10.4.30-8.5.46
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): mariadb-connector-c-3.1.22-2.35.1, lz4-1.8.0-3.5.2, python-mysqlclient-1.3.14-8.9.2, mariadb104-10.4.30-8.5.46
SUSE Linux Enterprise Server 12 SP5 (src): mariadb-connector-c-3.1.22-2.35.1, lz4-1.8.0-3.5.2, python-mysqlclient-1.3.14-8.9.2, mariadb104-10.4.30-8.5.46
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): mariadb-connector-c-3.1.22-2.35.1, lz4-1.8.0-3.5.2, python-mysqlclient-1.3.14-8.9.2, mariadb104-10.4.30-8.5.46

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Robert Frohl 2024-04-19 11:29:57 UTC

done