PT-2021-7347 · Mariadb+6 · Mariadb+7

Published

2021-11-08

Updated

2025-06-10

CVE-2021-46662

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions MariaDB versions prior to 10.5.9

Description The issue is related to errors in resource release in the set var.cc component of the MariaDB database management system. Exploitation of this issue can lead to a denial of service. It is caused by certain uses of an UPDATE statement in conjunction with a nested subquery, which can result in an application crash.

Recommendations For versions prior to 10.5.9, update to a version that contains a fix for this issue to prevent potential crashes due to the exploitation of the set var.cc component vulnerability. As a temporary workaround, consider restricting the use of UPDATE statements with nested subqueries until a patch is available.

Exploit

Fix

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

ALSA-2022:1556

ALSA-2022:1557

ALT-PU-2022-2360

ALT-PU-2022-2446

ALT-PU-2023-1583

ALT-PU-2023-6462

AZL-8406

BDU:2022-05752

BIT-MARIADB-2021-46662

BIT-MARIADB-MIN-2021-46662

BIT-MYSQL-CLIENT-2021-46662

CESA-2022_1556

CESA-2022_1557

CVE-2021-46662

OESA-2022-1587

RHSA-2022:1007

RHSA-2022:1010

RHSA-2022:1556

RHSA-2022:1557

RHSA-2022:4818

RHSA-2022_1556

RHSA-2022_1557

RHSA-2023:6821

RLSA-2022:1556

RLSA-2022:1557

ROSA-SA-2023-2252

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Mariadb

Mariadb Server

Red Hat

Rocky Linux

PT-2021-7347 · Mariadb+6 · Mariadb+7

CVE-2021-46662

Weakness Enumeration

Related Identifiers

Affected Products

References · 84