CVE-2023-52970 — Insecure Automated Optimizations in Mariadb

CWE-1038 — Insecure Automated Optimizations9 documents8 sources

Severity

4.9MEDIUMNVD

EPSS

0.3%

top 43.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mariadb

Timeline

PublishedMar 8

Latest updateJun 2

Description

MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5mariadb/mariadb10.4 — 10.5.*+4

▶Debianmariadb/mariadb< 1:10.11.13-0+deb12u1+2

🔴Vulnerability Details

GHSA

GHSA-g8xg-6v3j-w97f: MariaDB Server 10↗2025-03-09

▶

OSV

CVE-2023-52970: MariaDB Server 10↗2025-03-08

▶

CVEList

CVE-2023-52970: MariaDB Server 10↗2025-03-08

▶

📋Vendor Advisories

Ubuntu

MariaDB vulnerabilities↗2025-06-02

▶

Ubuntu

MariaDB vulnerabilities↗2025-05-20

▶

Microsoft

MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.↗2025-03-11

▶

Red Hat

mariadb: MariaDB Server Crash via Item_direct_view_ref↗2025-03-08

▶

Debian

CVE-2023-52970: mariadb - MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 1...↗2023

▶