Zuming Jiang

**Name of the Vulnerable Software and Affected Versions** MariaDB versions prior to 10.6.5 **Description** The issue is related to an integer overflow in the sql lex.cc component of MariaDB, which can lead to an application crash. This can be exploited by an attacker to cause a denial of service. **Recommendations** For versions prior to 10.6.5, update to version 10.6.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the sql lex.cc component to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: MariaDB versions prior to 10.6.3 Description: The issue arises from the incorrect handling of `with window func=true` for a subquery in the `save window function values` function, leading to an application crash. Recommendations: For MariaDB versions prior to 10.6.3, update to version 10.6.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of `with window func=true` for subqueries in the `save window function values` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: MariaDB versions prior to 10.6.2 Description: The issue allows an application crash via certain subquery uses of ORDER BY. This is related to the get sort by table function in MariaDB. Recommendations: For MariaDB versions prior to 10.6.2, update to version 10.6.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of subqueries with ORDER BY to minimize the risk of application crashes.

**Name of the Vulnerable Software and Affected Versions** MariaDB versions prior to 10.6.2 **Description** The issue is related to the mishandling of a pushdown from a HAVING clause to a WHERE clause, which can cause an application crash. This can be exploited by an attacker to disrupt service. **Recommendations** For versions prior to 10.6.2, update to version 10.6.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of HAVING and WHERE clauses in queries until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** MariaDB versions 10.5.9 and earlier **Description** The issue is related to an uncontrolled resource consumption in MariaDB. This can be exploited to cause a denial of service. The problem arises from certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. **Recommendations** For MariaDB versions 10.5.9 and earlier, consider upgrading to a version that contains a fix for this issue. As a temporary workaround, consider restricting the use of long SELECT DISTINCT statements to minimize the risk of exploitation. Additionally, review configuration settings related to storage-engine resource limitations to ensure they are properly set to prevent abuse.

**Name of the Vulnerable Software and Affected Versions** MariaDB versions 10.5.9 and earlier **Description** The issue is related to errors in pointer handling, which can cause an application crash when a NULL value is encountered in the `aggr` variable within the `sub select postjoin aggr` function. This can lead to a denial of service. The problem is associated with the `sub select postjoin aggr` function for a NULL value of `aggr`. **Recommendations** For MariaDB versions 10.5.9 and earlier, consider updating to a version where this issue is resolved, as the current version allows an application crash in `sub select postjoin aggr` for a NULL value of `aggr`. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MariaDB versions 10.5.9 and earlier **Description** The issue is related to a use-after-free error in MariaDB, specifically when the BIGINT data type is used. This can be triggered by attackers, potentially leading to a denial of service. The vulnerability is exploitable by a remote attacker. **Recommendations** For MariaDB versions 10.5.9 and earlier, update to a version later than 10.5.9 to resolve the issue. As a temporary workaround, consider restricting the use of the BIGINT data type until a patch is available.