CVE-2021-46666 — Reachable Assertion in Mariadb

CWE-617 — Reachable Assertion CWE-20 — Improper Input Validation8 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 80.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mariadb Debian Mariadb-10.5 Msrc Cbl2 Mariadb 10.6.7-1 ON CBL Mariner 2.0 +1 more

Timeline

PublishedFeb 1

Latest updateFeb 6

Description

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDmariadb/mariadb10.3.0 — 10.3.30+4

▶debiandebian/mariadb-10.5< mariadb-10.5 1:10.5.11-1 (bullseye)

▶msrcmsrc/cbl2_mariadb_10.6.7-1_on_cbl_mariner_2.0

▶msrcmsrc/cm1_mariadb_10.3.32-1_on_cbl_mariner_1.0

Patches

Patch: mariadb.com ↗Patch: mariadb.com ↗

🔴Vulnerability Details

GHSA

GHSA-qhvg-j82m-w264: MariaDB before 10↗2022-02-02

▶

OSV

CVE-2021-46666: MariaDB before 10↗2022-02-01

▶

📋Vendor Advisories

CISA ICS

Festo Didactic SE MES PC↗2026-01-27

▶

Microsoft

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.↗2022-02-08

▶

Red Hat

mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause↗2021-05-10

▶

Debian

CVE-2021-46666: mariadb-10.5 - MariaDB before 10.6.2 allows an application crash because of mishandling of a pu...↗2021

▶

📄Research Papers

arXiv

Beyond Function-Level Analysis: Context-Aware Reasoning for Inter-Procedural Vulnerability Detection↗2026-02-06

▶