VID | 25369 |
Severity | 30 |
Port | 3306 |
Protocol | TCP |
Class | DB |
Detailed Description |
The version of MariaDB installed on the remote host is prior to 10.2.43. It is, therefore, affected by multiple vulnerabilities as referenced in the mdb-10243-rn advisory.
- MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)
- MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. (CVE-2021-46663)
- MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. (CVE-2021-46664)
- MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)
- MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. (CVE-2021-46668)
* References: https://mariadb.com/kb/en/mdb-10243-rn
* Platforms Affected: MariaDB versions 10.2.x prior to 10.2.43; any operating system, any version |
Recommendation |
Upgrade to the latest version of MariaDB (10.2.43 or later), available from the MariaDB Web site at https://downloads.mariadb.org/ |
Related URL |
CVE-2021-46661, CVE-2021-46663, CVE-2021-46664, CVE-2021-46665, CVE-2021-46668 (CVE) |