CVE-2020-13249 — HIGH (8.8)

Q: How severe is CVE-2020-13249?

CVE-2020-13249 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-13249?

Check the references section above for vendor advisories and patch information. Affected products include: Mariadb Connector\/C, Opensuse Leap, Fedoraproject Fedora.

Vulnerability Description

libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mariadb	Connector\/C	< 3.1.8
Opensuse	Leap	15.1
Fedoraproject	Fedora	31

References

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00064.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.htmlBroken LinkMailing ListThird Party Advisory
https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926bPatchThird Party Advisory
https://github.com/mariadb-corporation/mariadb-connector-c/compare/v3.1.7...v3.1Release NotesThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00064.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.htmlBroken LinkMailing ListThird Party Advisory
https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926bPatchThird Party Advisory
https://github.com/mariadb-corporation/mariadb-connector-c/compare/v3.1.7...v3.1Release NotesThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro

FAQ

What is CVE-2020-13249?

CVE-2020-13249 is a vulnerability with a CVSS score of 8.8 (HIGH). libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code sh...

How severe is CVE-2020-13249?

CVE-2020-13249 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-13249?

Check the references section above for vendor advisories and patch information. Affected products include: Mariadb Connector\/C, Opensuse Leap, Fedoraproject Fedora.