CVE-2022-31026
Published: 09 June 2022
Summary
CVE-2022-31026 is a medium-severity Use of Uninitialized Resource (CWE-908) vulnerability in Trilogy Project Trilogy. Its CVSS base score is 5.9 (Medium).
Operationally, it ranks in the top 46.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-5938
Vulnerability details
Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1. This issue can be avoided by only connecting to trusted servers.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.