CVE-2024-27766
Published: October 20, 2024Last modified: June 17, 2025
Description
An issue in MYSQL MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.7 |
| Attack Vector | PHYSICAL |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | LOW |
| Availability impact | LOW |
| Vector | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
Notes
According to https://ubuntu.com/security/CVE-2024-27766 this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | mariadb | Will not fix (10.6.12-r0) |
| Stream | mariadb | Will not fix (10.11.4-r0) |