Home > Vulnerability Database > CVE-2022-31026

Mend.io Vulnerability Database

CVE-2022-31026

Good to know:

Date: June 9, 2022

Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers.

Language: C

Severity Score

7.5

Related Resources (5)

Url: https://github.com/advisories/GHSA-5g4r-2qhx-vqfm

Url: https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-31026

Url: https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962

Url: https://www.mend.io/vulnerability-database/CVE-2022-31026

Severity Score

7.5

Weakness Type (CWE)

Use of Uninitialized Resource

CWE-908

Top Fix

Upgrade Version

Upgrade to version trilogy - 2.1.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-31026

Good to know:

Date: June 9, 2022

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?