{"id":"CVE-2020-13249","details":"libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.","modified":"2026-04-11T21:19:51.271084Z","published":"2020-05-20T19:15:09.163Z","related":["ALSA-2020:5500","ALSA-2020:5503","SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","SUSE-SU-2020:1423-1","SUSE-SU-2020:1431-1","SUSE-SU-2020:1710-1","SUSE-SU-2020:1711-1","SUSE-SU-2020:3625-1","openSUSE-SU-2020:0738-1","openSUSE-SU-2020:0870-1","openSUSE-SU-2024:11038-1","openSUSE-SU-2024:11039-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/"},{"type":"ADVISORY","url":"https://github.com/mariadb-corporation/mariadb-connector-c/compare/v3.1.7...v3.1.8"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00064.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html"},{"type":"FIX","url":"https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb-corporation/mariadb-connector-c","events":[{"introduced":"0"},{"fixed":"2759b87d72926b7c9b5426437a7c8dd15ff57945"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.1.8"}]}}],"versions":["add","v3.0.1-beta","v3.0.4","v3.0.5","v3.0.6","v3.0.7","v3.0.8","v3.1.0","v3.1.1","v3.1.2","v3.1.3","v3.1.4","v3.1.5","v3.1.6","v3.1.7"],"database_specific":{"vanir_signatures":[{"id":"CVE-2020-13249-54053a89","source":"https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945","digest":{"threshold":0.9,"line_hashes":["6952442027606135929162894614051795482","226808333526667230143963077212787108225","336091071272911017670366939765904092730","151527159020156594566411829374814913233","102162187730078229297492766698177893219","91563339908151848531346274077460576468","114845881546031594650019308467304303611","243917120594954867533950732662208665181","340165741657813462633652323703174594395","90745243017409522733773381782787642234","144790138812063007633521189101073058562","316647692337548621006178307256113664847","128170776215724730045761495647682038365","4050730958409481013900319264625377814","238651622235208979884305350873469634014","173593458824015598828887901200317384758","91382770000990539890897157026068564835","326693156351913616211983463676269075041","323955681946102163473138871909625313199","60859661048530879989555948167566090086","165695854491076971140324752499222296666","187226365362876395201603065453275478080","242580551506749286971450837032744538899","245298900313442218532146008824808536699","317124507606508115203210261296724610788","188950507312657896951029600617696463926","242764081211181047130668465947612700283","126087194760680105553835174856866732717","46831687309041694093771589109402026633","260674223820300171846594137179807938029","39345478439542202344512727283464604059","281215884659286549708274902123280854335","137274654299158589354635769965127755367","26884543679518803281583476939270897816","229317215204436611192430566490706700102","117770116556251355319677687907794778732","232672229693460475922162605201967421634","162162957513842710143048356740042289008","329152811217042409525091253091738140002","8701527338793008705318594801740501862","60783755706011669762370930008171860268","95236224665626649084887494626717493675","332560938884582694254420132787254751447","39056306570050422262194217466767045075","258464979428492558803089016356914625386","239184683103936923316603811214179339515","224841557785421441987174519825175369512","250366741021474000257274926541616379567","229317215204436611192430566490706700102","117770116556251355319677687907794778732","232672229693460475922162605201967421634","162162957513842710143048356740042289008","329152811217042409525091253091738140002","8701527338793008705318594801740501862","60783755706011669762370930008171860268","95236224665626649084887494626717493675","332560938884582694254420132787254751447","39056306570050422262194217466767045075","258464979428492558803089016356914625386","300696671099439187162736280161306899603","115357198581437856837574481930847132596","57223111232721483157025154878265324345","306245693855114326634145747305630579657","14273594759210414525484900422972882399","226064935758801066388090209461941949491","322039371342591494650323967838741993089","25170657753376177347104692769142951973","284343223558826146371214960236122459770","267178159854705480287545924621161920302","28718947049278711627932609069458747217","19076173490218907386803943007705462610","95585250294779390560191106198665764740","100429890314083773895265994693509993868","83184666081262434522265688606282630094","191165297057657537086126505510948081616","179356172074093877643555464037699927208","263081409950063281925577680832980084968","71882146533525205508007788286970538552","295470291791925312797409837302602943774","332445562319019621832764255314135344922","129019944456274438060104248226562412992","321176522691425054544991614761992486596","227943008192775140295811825366538751717","123749974696652419607192116526727972956","263372456125046114622492980188433044632"]},"deprecated":false,"signature_type":"Line","signature_version":"v1","target":{"file":"libmariadb/mariadb_lib.c"}},{"id":"CVE-2020-13249-e528d5d1","source":"https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945","digest":{"length":3190,"function_hash":"126379931598525070619262289404115770603"},"deprecated":false,"signature_type":"Function","signature_version":"v1","target":{"function":"ma_read_ok_packet","file":"libmariadb/mariadb_lib.c"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13249.json","vanir_signatures_modified":"2026-04-11T21:19:51Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}