{"id":"CVE-2022-47015","details":"MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.","aliases":["BIT-mariadb-2022-47015","BIT-mariadb-min-2022-47015","BIT-mysql-client-2022-47015"],"modified":"2026-04-16T04:35:24.888993746Z","published":"2023-01-20T19:15:17.443Z","related":["ALSA-2023:5259","ALSA-2023:5683","ALSA-2023:5684","CGA-64p5-rj3f-64jv","SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","SUSE-SU-2023:2478-1","SUSE-SU-2023:2478-2","SUSE-SU-2023:2479-1","SUSE-SU-2023:2991-1","SUSE-SU-2023:3712-1","openSUSE-SU-2024:12956-1"],"references":[{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O22PO3Q6TRSNJI2A2WTJH3VVCHEKBF6C/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUQ33SPQCZQD63TWAM3XKFNVNFRGPFYU/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230309-0009/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00005.html"},{"type":"FIX","url":"https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"20ae591abd0bfe1bfaee546989ee163f4ef832b1"},{"fixed":"ca001cf2048f0152689e1895e2dc15486dd0b1af"},{"introduced":"c761b43451d54eeeecdf3c102906fcce88d4e9d9"},{"fixed":"2594da7a33580bf03590502a011679c878487d0c"},{"introduced":"7c7f9bef28aa566557da31402142f6dd8298ddd2"},{"fixed":"b735ca47738a1d2e995a429f40afd620eb7d8843"},{"introduced":"1a647b700f6b72dc97211510a5d0c647d5d3d911"},{"fixed":"a24f2bb50ba4a0dd4127455f7fcdfed584937f36"},{"introduced":"0"},{"fixed":"2668d596d1b4da99206146e4a2a25fc2d5dabeff"},{"introduced":"0"},{"fixed":"34762401297a98114cac7c02f664f52ccf20f809"},{"introduced":"0"},{"fixed":"91b31ce43d0ec213998fd79d5648da965fb1f2fc"},{"introduced":"0"},{"fixed":"0bb31039f54bd6a0dc8f0fc7d40e6b58a51998b0"},{"fixed":"be0a46b3d52b58956fd0d47d040b9f4514406954"}],"database_specific":{"versions":[{"introduced":"10.3.0"},{"fixed":"10.3.39"},{"introduced":"10.4.0"},{"fixed":"10.4.29"},{"introduced":"10.5.0"},{"fixed":"10.5.20"},{"introduced":"10.6.0"},{"fixed":"10.6.13"},{"introduced":"10.8.0"},{"fixed":"10.8.8"},{"introduced":"10.9.0"},{"fixed":"10.9.6"},{"introduced":"10.10.0"},{"fixed":"10.10.4"},{"introduced":"10.11.0"},{"fixed":"10.11.3"}]}}],"versions":["mariadb-10.10.1","mariadb-10.10.2","mariadb-10.10.2-release","mariadb-10.10.3","mariadb-10.11.1","mariadb-10.11.2","mariadb-10.3.0","mariadb-10.3.1","mariadb-10.3.10","mariadb-10.3.12","mariadb-10.3.16","mariadb-10.3.17","mariadb-10.3.18","mariadb-10.3.19","mariadb-10.3.2","mariadb-10.3.20","mariadb-10.3.21","mariadb-10.3.26","mariadb-10.3.30","mariadb-10.3.31","mariadb-10.3.33","mariadb-10.3.35","mariadb-10.3.36","mariadb-10.3.37","mariadb-10.3.38","mariadb-10.3.4","mariadb-10.3.5","mariadb-10.3.6","mariadb-10.3.7","mariadb-10.4.10","mariadb-10.4.11","mariadb-10.4.20","mariadb-10.4.21","mariadb-10.4.22","mariadb-10.4.23","mariadb-10.4.25","mariadb-10.4.26","mariadb-10.4.27","mariadb-10.4.28","mariadb-10.4.3","mariadb-10.4.4","mariadb-10.4.5","mariadb-10.4.7","mariadb-10.4.9","mariadb-10.5.0","mariadb-10.5.11","mariadb-10.5.12","mariadb-10.5.13","mariadb-10.5.14","mariadb-10.5.16","mariadb-10.5.17","mariadb-10.5.18","mariadb-10.5.2","mariadb-10.5.4","mariadb-10.6.0","mariadb-10.6.1","mariadb-10.6.10","mariadb-10.6.11","mariadb-10.6.12","mariadb-10.6.2","mariadb-10.6.3","mariadb-10.6.4","mariadb-10.6.5","mariadb-10.6.6","mariadb-10.6.8","mariadb-10.6.9","mariadb-10.8.1","mariadb-10.8.3","mariadb-10.8.4","mariadb-10.8.5","mariadb-10.8.6","mariadb-10.8.7","mariadb-10.9.1","mariadb-10.9.2","mariadb-10.9.3","mariadb-10.9.4","mariadb-10.9.5"],"database_specific":{"vanir_signatures":[{"id":"CVE-2022-47015-15e19535","digest":{"line_hashes":["312658079401165488443406098196212865955","73084194139858368013323960861700526506","45551148580383206693784356496162843061","297511518443520928247864669446720922934"],"threshold":0.9},"source":"https://github.com/mariadb/server/commit/a24f2bb50ba4a0dd4127455f7fcdfed584937f36","target":{"file":"sql/field.cc"},"signature_version":"v1","deprecated":false,"signature_type":"Line"},{"id":"CVE-2022-47015-2623312f","source":"https://github.com/mariadb/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954","signature_version":"v1","target":{"file":"storage/spider/spd_db_mysql.h"},"digest":{"line_hashes":["262183601554466879303542139680097441797","219460772531774330687168802094553720875","180516640286265012657797429331672688277","259411688451775829275281600708079025690","308105200068685041030647761518518488227","336043570082798588763913224876227651988"],"threshold":0.9},"deprecated":false,"signature_type":"Line"},{"id":"CVE-2022-47015-5d09b33c","source":"https://github.com/mariadb/server/commit/2594da7a33580bf03590502a011679c878487d0c","signature_version":"v1","target":{"function":"check_join_cache_usage","file":"sql/sql_select.cc"},"digest":{"length":4411,"function_hash":"29620726882374727492994359726732491059"},"deprecated":false,"signature_type":"Function"},{"id":"CVE-2022-47015-64f1ddce","source":"https://github.com/mariadb/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954","signature_version":"v1","target":{"function":"spider_db_mbase::print_warnings","file":"storage/spider/spd_db_mysql.cc"},"digest":{"length":1295,"function_hash":"80176887243444836381511454193797483904"},"deprecated":false,"signature_type":"Function"},{"digest":{"line_hashes":["118189557732478373997286318020867696164","155889006750705725047854074464264916337","315138518959075738840878797839293231705","126636845567606737288470163038273948620"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/mariadb/server/commit/2594da7a33580bf03590502a011679c878487d0c","target":{"file":"sql/sql_select.cc"},"id":"CVE-2022-47015-d28cfc2b","deprecated":false,"signature_type":"Line"},{"signature_version":"v1","id":"CVE-2022-47015-d8b1c05f","digest":{"line_hashes":["254192567725623803008452046725777241988","319507803863195792634278904037447303399","141002786193143967955474157894371433373","119698504016579500124273537942971179329","41758622846282241057034844141729027389","127046117630619674679145162654344087429","9827524947422186008714606351842408991","274357843765213334694652004279443393436","251544921041534108193378618204000635506","310310547847029634194500366985806513914","102620932679455695300785552023806141463","19177429045017051514589764559449097045","30588458219454501670215019527577346619","33872012908832064410468094426380856177","157491852238909173588842361506269237735","64362370982600800860058898856162873790","44627775822241874809299137942637227990","333972606457052682051807701440943671070","314456323943297073334398128115641035994","321583308976869202719675587584703687069","128568161881214676930310378739565848615","294303660624473172930612006348318247644","322793817747552194949793229423212508916","282910123905560167444252760160972945736","116477730958547172637296691568680526459","229723689330028387258787286753565275667","32778791601020353828709323938623316392","115946028600914397510074276633458560214","193359386311141179742161875535107239682","212328063663317545379023527414554797706","119669661319323164289397667201505969238","42005863716333758012841701291591401371","220581082277654824416299837255868258588","85164737961231038176058362241457429460","194600565738041931503434215635297631942","146393969496086621022703112500570395094","34445869217857271487296990409456660560","211992086002784646900754793609472939129","269300072214606178217833324854666063346","15109365170121484699198531554468426183","114580640541125972156482976944330118628","310539122930817265597320394720389033609","172775085809817710686714269581698627710","80739628491450587265267284322246220853","152952074923147889705102893579827824474","32775386887145961760668566212779757486","20383471864065409997022935345527068410","287019998809978238663923589986652918097","105335829427684995434900375402824007037","34407834833397897341595044210852560882","226535631213177732171495805933097074049","310038883619155113932846514889570753779","309788940498478262889396841027022211380","37443091159032879033940282057976618582","147497497876416170177139118820927156099","12006693355803981830882143522105480378","100821305716773024938637942878776333387","132381839429590287231718327283535754919","211899479910430766449293520818908135613","247506021959958802282277195862875121216","86783724728335647922456817887706627868"],"threshold":0.9},"target":{"file":"storage/spider/spd_db_mysql.cc"},"source":"https://github.com/mariadb/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954","deprecated":false,"signature_type":"Line"}],"vanir_signatures_modified":"2026-04-11T23:22:37Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-47015.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}