CVE-2021-46661
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/02/2022
Last modified:
07/11/2023
Description
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* | 10.2.0 (including) | 10.2.43 (excluding) |
| cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* | 10.3.0 (including) | 10.3.34 (excluding) |
| cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* | 10.4.0 (including) | 10.4.24 (excluding) |
| cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* | 10.5.0 (including) | 10.5.15 (excluding) |
| cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* | 10.6.0 (including) | 10.6.7 (excluding) |
| cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* | 10.7.0 (including) | 10.7.3 (excluding) |
| cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://jira.mariadb.org/browse/MDEV-25766
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO/
- https://mariadb.com/kb/en/security/
- https://security.netapp.com/advisory/ntap-20220221-0002/