CVE-2023-52968

Summary

MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table crash.

Affected Software

VendorProductVersion RangeStatus
MariaDBMariaDB10.4 < 10.4.33affected
MariaDBMariaDB10.5 < 10.5.24affected
MariaDBMariaDB10.6 < 10.6.17affected
MariaDBMariaDB10.7 < 10.11.7affected
MariaDBMariaDB11.0 < 11.0.5affected
MariaDBMariaDB11.1 < 11.1.4affected

Weaknesses

  • CWE-696: CWE-696 Incorrect Behavior Order

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References