CVE-2022-31026

Medium

Published: 09 June 2022

Modified: 21 November 2024
CVSS Score v3.1: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0030 (53.5th percentile)
Risk Priority: 12 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-31026 is a medium-severity Use of Uninitialized Resource (CWE-908) vulnerability in Trilogy, from the Trilogy Project. Its CVSS base score is 5.9 (Medium).

Operationally, it is ranked in the top 46.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1. This issue can be avoided by only connecting to trusted servers.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: trilogy project
Product: trilogy
Versions: ≤ 2.1.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
