MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
An attacker with access to the MariaDB server can place a malicious shared file (library .so) containing UDF code, and then register it in the database using the 'CREATE FUNCTION' command. When this function is executed, the malicious code is run in the context of the database server process. MariaDB Foundation disputes the classification as a vulnerability, arguing that there is no privilege escalation — meaning the technique requires having appropriate permissions in the database.
An attacker can obtain remote code execution (RCE) on the server hosting MariaDB, potentially taking full control of the operating system, including access to sensitive data and the ability to modify or destroy resources.
Patches available from the vendor should be applied according to references. Due to the disputed nature of the vulnerability, it is recommended to apply the principle of least privilege for database accounts, limit the ability to load external UDF libraries, and implement restrictive access control to the MariaDB server.
MariaDB version 10.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMariaDB
APPMariadb10.5.0
Related vulnerabilities
MariaDB: command injection przez wsrep_notify_cmd w nazwie węzła Galera
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` all...
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified im...
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x bef...
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 ...