CVE-2020-15180

NameCVE-2020-15180
DescriptionA flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-2409-1, DSA-4776-1
NVD severitymedium
Debian Bugs972746

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mariadb-10.1 (PTS)stretch10.1.45-0+deb9u1vulnerable
stretch (security)10.1.48-0+deb9u2fixed
mariadb-10.3 (PTS)buster1:10.3.29-0+deb10u1fixed
buster (security)1:10.3.25-0+deb10u1fixed
mariadb-10.5 (PTS)bullseye1:10.5.11-1fixed
bookworm, sid1:10.5.12-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mariadb-10.1sourcestretch10.1.47-0+deb9u1DLA-2409-1
mariadb-10.1source(unstable)(unfixed)
mariadb-10.3sourceexperimental1:10.3.27-1~exp1
mariadb-10.3sourcebuster1:10.3.25-0+deb10u1DSA-4776-1
mariadb-10.3source(unstable)(unfixed)972746
mariadb-10.5source(unstable)1:10.5.6-1
percona-xtradb-cluster-5.5source(unstable)(unfixed)

Notes

Fixed in MariaDB 10.5.6, 10.4.15, 10.3.25, 10.2.34, 10.1.47
https://jira.mariadb.org/browse/MDEV-23884
https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/

Search for package or bug name: Reporting problems