The following information pertains to vulnerabilities discovered by Fortinet's FortiGuard Labs. It has been determined that two vulnerabilities exist in MariaDB.
Proof of Concept/How to Reproduce:
To reproduce the first issue, you can use mysql to access a remote MariaDB server (for example, "mysql -uroot -p") and perform the following database operation:
To reproduce the second issue, perform the following database operation:
This causes the MariaDB server to go down. Some screenshots are attached.
Note: Reproduction of these two issues may be unstable; sometimes you need to try many times.
The root cause of these issues lies in the underlying PCRE library. They have been reported to the PCRE library developer and fixed in the latest PCRE library version, 8.37.
Type of Vulnerability & Repercussions:
Remote Denial of Service
Other versions may be affected too
Windows 7 x64(en)
Upcoming Advisory Reference:
These vulnerabilities were discovered by Kai Lu of Fortinet's FortiGuard Labs.