CVE-2021-46659Improper Input Validation in Mariadb

CWE-20Improper Input Validation7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 88.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
MariadbDebian Mariadb-10.5Fedoraproject Fedora+6 more
Timeline
PublishedJan 29
Latest updateFeb 28

Description

MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

NVDmariadb/mariadb5.5.010.2.42+5
debiandebian/mariadb-10.5< mariadb-10.5 1:10.5.15-0+deb11u1 (bullseye)

Also affects: Fedora 34, 35, 36

🔴Vulnerability Details

2
GHSA
GHSA-hpgh-p2hm-xrpr: MariaDB before 102022-01-31
OSV
CVE-2021-46659: MariaDB before 102022-01-29

📋Vendor Advisories

4
Ubuntu
MariaDB vulnerabilities2022-02-28
Microsoft
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.2022-01-11
Red Hat
mariadb: Crash executing query with VIEW, aggregate and subquery2021-05-10
Debian
CVE-2021-46659: mariadb-10.5 - MariaDB before 10.7.2 allows an application crash because it does not recognize ...2021