PT-2022-1774 · Mariadb+10 · Mariadb+11
Published
2021-05-10
·
Updated
2025-06-10
·
CVE-2021-46659
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
MariaDB versions prior to 10.7.2
Description
The issue is related to incorrect management of internal resources in MariaDB, specifically with the
SELECT LEX::nest level component. This can lead to an application crash because MariaDB does not recognize that SELECT LEX::nest level is local to each VIEW. Exploitation of this issue may allow a remote attacker to execute specially crafted queries and perform a denial-of-service (DoS) attack.Recommendations
For MariaDB versions prior to 10.7.2, update to version 10.7.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of views that utilize the
SELECT LEX::nest level component to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Mariadb
Mariadb Server
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu