PT-2026-29985 · Mariadb · Mariadb
Published
2026-04-03
·
Updated
2026-04-03
·
CVE-2026-35549
CVSS v3.1
6.5
Medium
| AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching sha2 password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256 crypt r uses alloca.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mariadb