PT-2025-10403 · Mariadb+9 · Mariadb Server+9

Published

2023-09-04

Updated

2026-04-02

CVE-2023-52970

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions MariaDB Server versions 10.4 through 10.11.* MariaDB Server versions 11.0 through 11.4.*

Description The issue causes MariaDB Server to crash in Item direct view ref::derived field transformer for where.

Recommendations For MariaDB Server versions 10.4 through 10.11., update to a version that is not affected by this issue. For MariaDB Server versions 11.0 through 11.4., update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the derived field transformer for where function until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-696CWE-1038

Related Identifiers

ALSA-2025:19572

ALSA-2025:19584

ALSA-2026:0136

ALSA-2026:0247

ALSA-2026:6435

ALT-PU-2025-7233

ALT-PU-2025-7238

ALT-PU-2025-7242

AZL-58070

AZL-58074

BDU:2025-15224

BIT-MARIADB-2023-52970

BIT-MARIADB-MIN-2023-52970

BIT-MYSQL-CLIENT-2023-52970

CESA-2025_19572

CVE-2023-52970

DLA-4154-1

ECHO-605D-2BA1-6BA6

INFSA-2025_19572

INFSA-2025_19584

MGASA-2025-0186

RHSA-2025:19572

RHSA-2025:19584

RHSA-2025_19572

RHSA-2025_19584

RHSA-2026:0136

RHSA-2026:0247

RHSA-2026:0334

RHSA-2026:0335

RHSA-2026:0376

RHSA-2026:6435

SUSE-SU-2025:03275-1

SUSE-SU-2025:4491-1

SUSE-SU-2025_03275-1

USN-7519-1

USN-7548-1

Affected Products

Alt Linux

Almalinux

Centos

Debian

Linuxmint

Mariadb Server

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2025-10403 · Mariadb+9 · Mariadb Server+9

CVE-2023-52970

Weakness Enumeration

Related Identifiers

Affected Products

References · 99