Bug 1215712 (CVE-2023-5157)

Summary: VUL-0: CVE-2023-5157: mariadb,mariadb-100: node crashes with Transport endpoint is not connected mysqld got signal 6
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P3 - Medium CC: cathy.hu, simonalogan
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/379739/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2023-09-26 08:20:58 UTC 
Node crashes with Transport endpoint is not connected mysqld got signal 6.

References:
https://issues.redhat.com/browse/RHEL-5223
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5157
Comment 2 Simon Logan 2023-11-24 12:07:09 UTC 
Hi folks, are you sure you have the right CVE here?

https://www.suse.com/security/cve/CVE-2023-5157.html and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5157 described it as "A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service."

The description here is "mariadb,mariadb-100: node crashes with Transport endpoint is not connected mysqld got signal 6"

Thanks,
Simon
Comment 5 Simon Logan 2024-04-09 15:59:17 UTC 
(In reply to Simon Logan from comment #2)
> Hi folks, are you sure you have the right CVE here?
> 
> https://www.suse.com/security/cve/CVE-2023-5157.html and
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5157 described it as
> "A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306
> and 4567 allows a malicious remote client to cause a denial of service."
> 
> The description here is "mariadb,mariadb-100: node crashes with Transport
> endpoint is not connected mysqld got signal 6"
> 
> Thanks,
> Simon

Hi folks, please check my question in comment 2.

Thanks,
Simon
Comment 6 Gabriele Sonnu 2024-06-07 15:37:58 UTC 
All done, closing.
Comment 7 Simon Logan 2024-06-07 20:41:22 UTC 
The mismatching titles seem to come from https://bugzilla.redhat.com/show_bug.cgi?id=2240246
which has

Title: "CVE-2023-5157 mariadb: node crashes with Transport endpoint is not connected mysqld got signal 6"

Doc Text: "A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service."

Mismatch explained.