CVE-2021-46657Improper Input Validation in Mariadb

CWE-20Improper Input ValidationCWE-400Uncontrolled Resource Consumption6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 79.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
MariadbDebian Mariadb-10.5Msrc Cbl2 Mariadb 10.6.7-1 ON CBL Mariner 2.0+5 more
Timeline
PublishedJan 29
Latest updateJan 31

Description

get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

NVDmariadb/mariadb10.0.010.2.39+5
debiandebian/mariadb-10.5< mariadb-10.5 1:10.5.11-1 (bullseye)

Patches

Patch: jira.mariadb.orgPatch: mariadb.comPatch: jira.mariadb.org

🔴Vulnerability Details

2
GHSA
GHSA-3qqv-wmpg-38v7: get_sort_by_table in MariaDB before 102022-01-31
OSV
CVE-2021-46657: get_sort_by_table in MariaDB before 102022-01-29

📋Vendor Advisories

3
Microsoft
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.2022-01-11
Red Hat
mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref2021-05-10
Debian
CVE-2021-46657: mariadb-10.5 - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certa...2021