MariaDB Connector does not properly validate the content of an OK packet received from a client.
Judging from the diff, we can expect a PoC very soon; the CVSS score of 9.8 reflects this as well.
NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.
We found 275,000 MariaDB installations worldwide.
Questions? Contact: info@zero.bs