阿里云漏洞库

漏洞描述

A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://access.redhat.com/errata/RHSA-2023:5683
https://access.redhat.com/errata/RHSA-2023:5684
https://access.redhat.com/errata/RHSA-2023:6821
https://access.redhat.com/errata/RHSA-2023:6822
https://access.redhat.com/errata/RHSA-2023:6883
https://access.redhat.com/errata/RHSA-2023:7633
https://access.redhat.com/security/cve/CVE-2023-5157
https://bugzilla.redhat.com/show_bug.cgi?id=2240246

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	mariadb	mariadb	*		Up to (excluding) 10.4.26
	运行在以下环境
	应用	mariadb	mariadb	*	From (including) 10.5.0	Up to (excluding) 10.5.17
	运行在以下环境
	应用	mariadb	mariadb	*	From (including) 10.6.0	Up to (excluding) 10.6.9
	运行在以下环境
	应用	mariadb	mariadb	*	From (including) 10.7.0	Up to (excluding) 10.7.5
	运行在以下环境
	应用	mariadb	mariadb	*	From (including) 10.8.0	Up to (excluding) 10.8.4
	运行在以下环境
	系统	alibaba_cloud_linux_3	galera	*		Up to (excluding) 10.5.22-1.0.1.al8
	运行在以下环境
	系统	alma_linux_9	galera	*		Up to (excluding) 10.5.22-1.el9_2.alma.1
	运行在以下环境
	系统	amazon_2	mariadb	*		Up to (excluding) 10.5.18-1.amzn2
	运行在以下环境
	系统	debian_10	galera-3	*		Up to (excluding) 25.3.25-2
	运行在以下环境
	系统	debian_12	galera-3	*		Up to (excluding) 25.3.37-1
	运行在以下环境
	系统	kylinos_aarch64_V10	mariadb	*		Up to (excluding) 10.3.39-1.p01.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10HPC	mariadb	*		Up to (excluding) 10.5.22-1.p01.ky10h
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	mariadb	*		Up to (excluding) 10.3.39-1.p01.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP2	mariadb	*		Up to (excluding) 10.3.39-1.p01.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP3	mariadb	*		Up to (excluding) 10.3.39-1.p01.ky10
	运行在以下环境
	系统	kylinos_loongarch64_V10SP1	mariadb	*		Up to (excluding) 10.3.39-1.p03.a.ky10
	运行在以下环境
	系统	kylinos_loongarch64_V10SP3	mariadb	*		Up to (excluding) 10.3.39-1.p04.a.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10	mariadb	*		Up to (excluding) 10.3.39-1.p01.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10HPC	mariadb	*		Up to (excluding) 10.5.22-1.p01.ky10h
	运行在以下环境
	系统	kylinos_x86_64_V10SP1	mariadb	*		Up to (excluding) 10.3.39-1.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP2	mariadb	*		Up to (excluding) 10.3.39-1.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP3	mariadb	*		Up to (excluding) 10.3.39-1.ky10
	运行在以下环境
	系统	oracle_9	galera	*		Up to (excluding) 10.5.22-1.el9_2
	运行在以下环境
	系统	redhat_9	galera	*		Up to (excluding) 10.5.22-1.el9_2

攻击路径

本地
攻击复杂度

复杂
权限要求

普通权限
影响范围

越权影响
EXP成熟度

未验证
补丁情况

官方补丁
数据保密性

无影响
数据完整性

无影响
服务器危害

无影响
全网数量

N/A

CWE-ID	漏洞类型
CWE-400	未加控制的资源消耗（资源穷尽）
NVD-CWE-noinfo

中危 节点因传输端点未连接而崩溃 mysqld 收到信号 6 (CVE-2023-5157)

漏洞描述

解决建议

参考链接

受影响软件情况

中危节点因传输端点未连接而崩溃 mysqld 收到信号 6 (CVE-2023-5157)