Fortinet Discovers Multiple MariaDB 'Regular Expression' Parsing Denial of Service Vulnerabilities
Summary
Fortinet's FortiGuard Labs has discovered multiple denial of service vulnerabilities in MariaDB.MariaDB is an enhanced, drop-in replacement for MySQL. It remains free under the GNU GPL. MariaDB strives to be the logical choice for database professionals looking for a robust, scalable, and reliable SQL server.
These discovered vulnerabilities are caused due to incorrectly handling specially crafted regular expressions. They could be exploited by attackers via crafted regular expression with the REGEXP_SUBSTR function.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:MariaDB.PCRE.Handling.Multiple.Remote.DoS
Released Apr 22, 2015
Users should apply the solution provided by MariaDB.
Additional Information
The vulnerabilities actually exist in the 3rd-party PCRE library incorporated into MariaDB. The PCRE library 8.37 has fixed them.Acknowledgement
These vulnerabilities were discovered by Kai Lu of Fortinet's FortiGuard Labs.References
- https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ https://mariadb.atlassian.net/browse/MDEV-8006Â http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-2325Â http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-2326 http://www.fortiguard.com/advisory/FG-VD-15-015/ http://www.fortiguard.com/advisory/FG-VD-15-016/