Logo
vulnerabilityCVE-2023-52970
Name
CVE-2023-52970
Source
NVD ( link)Debian ( link)
Description
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
CWEs
CWE-1038
Published Date
Updated Date
Workaround
-
Advisories

Analysis#

Affected Component
Analysis
mariadb
Patched

Vulnerability Ratings#

4.9
CVSSv31
NaN
other

Others affected components#

Name
Project
Project Version
Version
Status
mariadb
buildroot
2025.02.x
10.11.17
Not Affected
mariadb
buildroot
master
10.11.17
Not Affected
libmariadb
openwrt
master
3.4.8-r3
Not Affected
mariadb
openwrt
master
11.8.3-r1
Not Affected
libmariadb
openwrt
openwrt-25.12
3.4.8-r3
Not Affected
mariadb
openwrt
openwrt-25.12
11.8.3-r1
Not Affected
mariadb
yocto
master
11.4.12
Not Affected
mariadb
yocto
scarthgap
10.11.16
Not Affected

Resolved with patches#

mariadb (yocto:kirkstone)

#
Title
Author
Resolve
1
MDEV-26247 MariaDB Server SEGV on INSERT .. SELECT
Oleg Smirnov <olernov@gmail.com>
CVE-2023-52969
CVE-2023-52970
2
Revert "MDEV-26427 MariaDB Server SEGV on INSERT .. SELECT"
Oleg Smirnov <olernov@gmail.com>
CVE-2023-52969
CVE-2023-52970
3
MDEV-32086 Server crash when inserting from derived table
Oleksandr Byelkin <sanja@mariadb.com>
CVE-2023-52969
CVE-2023-52970
4
MDEV-32086 (part 2) Server crash when inserting from derived
Oleksandr Byelkin <sanja@mariadb.com>
CVE-2023-52969
CVE-2023-52970