CVE-2023-52971 — Insecure Automated Optimizations in Mariadb

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 78.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMar 8

Latest updateJul 8

Description

MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

▶CVEListV5mariadb/mariadb10.10 — 10.11.*+1

▶Debianmariadb/mariadb< 1:10.11.13-0+deb12u1+2

GHSA

GHSA-j57w-cc2h-3w6w: MariaDB Server 10↗2025-03-09

▶

CVEList

CVE-2023-52971: MariaDB Server 10↗2025-03-08

▶

OSV

CVE-2023-52971: MariaDB Server 10↗2025-03-08

▶

Microsoft

MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.↗2025-07-08

▶

Ubuntu

MariaDB vulnerabilities↗2025-06-02

▶

Red Hat

mariadb: MariaDB Server Crash↗2025-03-08

▶

Debian

CVE-2023-52971: mariadb - MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fi...↗2023

▶