PT-2023-9609 · Mariadb Foundation · Mariadb

King Cope

·

Published

2023-02-27

·

Updated

2025-07-11

·

CVE-2023-26785

CVSS v3.1

10

Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: MariaDB version 10.5
Description: The issue is a remote code execution (RCE) path in MariaDB 10.5 through user-defined functions (UDFs): an attacker places UDF code in a shared object file in the server's plugin_dir and registers it with a CREATE FUNCTION ... SONAME statement, after which every call to that function runs native code with the privileges of the mysqld process. The entry classes this as insufficient input validation, but loading a UDF this way is MariaDB's documented mechanism and requires the INSERT privilege on the mysql database (the registration row is written to mysql.func), so only an account that is already a database administrator can perform it. For that reason the MariaDB Foundation disputes the issue, stating that no privilege boundary is crossed; the CVSS vector above (PR:N) does not reflect that prerequisite.
Recommendations: No MariaDB 10.5 release contains a fix for this entry, and because the behaviour is disputed as intended UDF functionality, none should be expected; keep the server on the latest 10.5.x release for its other fixes, but treat mitigation as an access-control task. Restrict who can register UDFs: grant INSERT on the mysql database, and the FILE and SUPER privileges, only to administrative accounts, never to application accounts. Keep plugin_dir writable only by root and not by the mysqld user, so that a database session cannot drop a shared object there with SELECT ... INTO DUMPFILE, and set secure_file_priv to a directory other than plugin_dir. Never build CREATE FUNCTION statements from untrusted input, and periodically audit mysql.func for UDFs you did not register.
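As an added example (not from this advisory, MariaDB, or the reporter), the following MariaDB SQL session shows the registration statement the description refers to and the checks an administrator can run to find who could issue it and what is already loaded. The account 'app'@'%', the function name sys_exec and the library name are hypothetical; the tables, system variables and privileges are MariaDB's documented ones, and the REVOKE statements assume the account actually holds those grants.

```sql
-- Added example, not part of the advisory. Run as an administrative account on MariaDB 10.5.
-- Names such as 'app'@'%', sys_exec and lib_mysqludf_sys.so are hypothetical; the rest is
-- MariaDB's documented schema.

-- The statement the description refers to. It loads native code from a shared object that must
-- already exist in @@plugin_dir and runs it inside mysqld. It succeeds only for an account holding
-- INSERT on the mysql database (the row lands in mysql.func), which is the basis of the dispute.
--   CREATE FUNCTION sys_exec RETURNS INTEGER SONAME 'lib_mysqludf_sys.so';

-- 1. Server settings that bound the attack surface: where a library would have to be written,
--    and whether file writes from SQL are confined to a separate directory.
SELECT @@version, @@plugin_dir, @@secure_file_priv;

-- 2. Registered UDFs. Any row you did not create is a finding; 'dl' names the shared object.
SELECT name, ret, dl, type FROM mysql.func;

-- 3. Accounts that could register a UDF (INSERT on mysql.*, directly or via a global INSERT grant)
--    or write a file into plugin_dir from SQL (FILE).
SELECT user, host, Insert_priv, File_priv, Super_priv
  FROM mysql.user
 WHERE Insert_priv = 'Y' OR File_priv = 'Y' OR Super_priv = 'Y';

SELECT user, host, db, Insert_priv
  FROM mysql.db
 WHERE db = 'mysql' AND Insert_priv = 'Y';

-- 4. Remediation: drop an unexpected UDF and take the enabling privileges away from an
--    application account that should never have held them.
DROP FUNCTION IF EXISTS sys_exec;
REVOKE FILE ON *.* FROM 'app'@'%';
REVOKE INSERT ON mysql.* FROM 'app'@'%';
FLUSH PRIVILEGES;
```

Step 3 is the one that matters for this entry: if the only accounts it returns are your administrators, the CREATE FUNCTION path adds nothing an administrator could not already do, which is the Foundation's position. If it returns an application account, that account effectively has OS-level code execution on the database host regardless of this CVE.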

Exploit

RCE

Code Injection


Weakness Enumeration

Related Identifiers

BDU:2024-08759
BIT-MARIADB-2023-26785
BIT-MARIADB-MIN-2023-26785
BIT-MYSQL-CLIENT-2023-26785
CVE-2023-26785

Affected Products

Mariadb