CVE 2022-27456

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.

Related bugs and status

CVE-2022-27456 (Candidate) is related to these bugs:

Bug #1996452: CVE-2022-32091 et al affect MariaDB in Ubuntu

		In	Importance	Status
1996452	CVE-2022-32091 et al affect MariaDB in Ubuntu	mariadb-10.3 (Ubuntu)	Undecided	Fix Released
1996452	CVE-2022-32091 et al affect MariaDB in Ubuntu	mariadb-10.6 (Ubuntu)	Undecided	Fix Released
1996452	CVE-2022-32091 et al affect MariaDB in Ubuntu	mariadb-10.6 (Ubuntu Jammy)	Undecided	Fix Released
1996452	CVE-2022-32091 et al affect MariaDB in Ubuntu	mariadb-10.6 (Ubuntu Kinetic)	Undecided	Fix Released

Bug #2002281: [Debian] CVE: CVE-2021-46669/CVE-2022-27376/CVE-2022-27377...CVE-2022-32089/CVE-2022-32091: mariadb: multiple CVEs

Summary				In	Importance	Status
	2002281	[Debian] CVE: CVE-2021-46669/CVE-2022-27376/CVE-2022-27377...CVE-2022-32089/CVE-2022-32091: mariadb: multiple CVEs		StarlingX	Critical	Fix Released

See the

CVE page on Mitre.org for more details.