[SB 20.19] Potential RCE in MariaDB (CVE-2020-13249)

MariaDB Connector does not properly validate the content of an OK packet received from a client.

Judging from the diff, we can expect a PoC very soon; this is also reflected in the CVSS score of 9.8.

NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.

We found 275,000 MariaDB installations worldwide.


Questions? Contact: info@zero.bs